GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
102 advisories
Filter by severity
TP-Link Deco M5 v1 uses a weak password hashing mechanism to store user credentials. An attacker...
High
Unreviewed
CVE-2026-5040
was published
Jul 14, 2026
Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of...
Moderate
Unreviewed
CVE-2026-9641
was published
Jun 12, 2026
QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm...
High
Unreviewed
CVE-2026-25861
was published
Jun 3, 2026
Danelec MacGregor Voyage Data Recorder
passwords are stored with a hashing method which limits...
Moderate
Unreviewed
CVE-2026-44611
was published
May 29, 2026
electerm's encrypt method not safe enough
Moderate
CVE-2026-45787
was published
for
electerm
(npm)
May 14, 2026
LiteLLM: Password hash exposure and pass-the-hash authentication bypass
High
GHSA-69x8-hrgq-fjj8
was published
for
litellm
(pip)
Apr 8, 2026
Flowise has Insufficient Password Salt Rounds
Moderate
CVE-2026-56272
was published
for
flowise
(npm)
Mar 5, 2026
Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational...
Critical
Unreviewed
CVE-2026-30789
was published
Mar 5, 2026
RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords.
Moderate
Unreviewed
CVE-2025-67168
was published
Dec 17, 2025
Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS)...
Moderate
Unreviewed
CVE-2025-13532
was published
Dec 16, 2025
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root"...
Moderate
Unreviewed
CVE-2025-41692
was published
Dec 9, 2025
Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router ...
Moderate
Unreviewed
CVE-2025-46413
was published
Nov 7, 2025
NeuVector has an insecure password storage and is vulnerable to rainbow attack
Moderate
CVE-2025-53884
was published
for
github.com/neuvector/neuvector
(Go)
Aug 28, 2025
Taylored webhook validation vulnerabilities
Critical
GHSA-8g98-m4j9-qww5
was published
for
taylored
(npm)
Jun 18, 2025
Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara...
High
Unreviewed
CVE-2025-3937
was published
May 22, 2025
A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low...
Moderate
Unreviewed
CVE-2025-24340
was published
Apr 30, 2025
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as...
Low
Unreviewed
CVE-2025-2349
was published
Mar 17, 2025
The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed...
High
Unreviewed
CVE-2025-2265
was published
Mar 13, 2025
IBM Security Verify Governance 10.0.2 Identity Manager
uses a one-way cryptographic hash...
Moderate
Unreviewed
CVE-2023-33838
was published
Jan 29, 2025
An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort'...
Critical
Unreviewed
CVE-2024-5743
was published
Jan 13, 2025
Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password requirements...
Moderate
Unreviewed
CVE-2024-55057
was published
Dec 17, 2024
Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona...
Moderate
Unreviewed
CVE-2024-7701
was published
Dec 15, 2024
Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to...
High
Unreviewed
CVE-2024-23091
was published
Jul 30, 2024
Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could...
Moderate
Unreviewed
CVE-2024-24553
was published
Jun 24, 2024
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the...
High
Unreviewed
CVE-2024-3183
was published
Jun 12, 2024
ProTip!
Advisories are also available from the
GraphQL API