Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

95 advisories

Loading
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with... Critical Unreviewed
CVE-2022-35255 was published Dec 6, 2022
An issue was discovered in Object First 1.0.7.712. The authorization service has a flow that... Critical Unreviewed
CVE-2022-44796 was published Nov 7, 2022
D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random... Moderate Unreviewed
CVE-2022-42159 was published Oct 14, 2022
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number... Moderate Unreviewed
CVE-2022-41210 was published Oct 12, 2022
profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can... High Unreviewed
CVE-2022-40769 was published Sep 19, 2022
Cryptographically weak PRNG in `utils.generateUUID` Critical
CVE-2022-36045 was published for nodebb (npm) Aug 30, 2022
HakuPiku
OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token... High Unreviewed
CVE-2022-33738 was published Jul 7, 2022
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to... High Unreviewed
CVE-2022-20817 was published Jun 16, 2022
Weak private key generation in SSH.NET Moderate
CVE-2022-29245 was published for SSH.NET (NuGet) Jun 1, 2022
yaumn-synacktiv
Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the... High Unreviewed
CVE-2021-22948 was published May 24, 2022
A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to... Low Unreviewed
CVE-2021-3047 was published May 24, 2022
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. High Unreviewed
CVE-2021-37553 was published May 24, 2022
Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel(R)... Moderate Unreviewed
CVE-2021-0131 was published May 24, 2022
BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate... Moderate Unreviewed
CVE-2021-29245 was published May 24, 2022
In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset... Critical Unreviewed
CVE-2020-28642 was published May 24, 2022
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. High Unreviewed
CVE-2020-13784 was published May 24, 2022
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo... Low Unreviewed
CVE-2020-6616 was published May 24, 2022
An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config... Moderate Unreviewed
CVE-2019-15075 was published May 24, 2022
Magento 2 Community Weak PRNG Moderate
CVE-2019-8113 was published for magento/community-edition (Composer) May 24, 2022
Use of Insufficiently Random Values in Apereo CAS High
CVE-2019-10754 was published for org.apereo.cas:cas-server-core-services-api (Maven) May 24, 2022
Magento 2 Community Edition Weak PRNG High
CVE-2019-7860 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Cryptographic Flaw Moderate
CVE-2019-7855 was published for magento/community-edition (Composer) May 24, 2022
Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver <... High Unreviewed
CVE-2019-5440 was published May 24, 2022
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG High
CVE-2019-11842 was published for matrix-sydent (pip) May 24, 2022
westonsteimel
It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates... Critical Unreviewed
CVE-2017-18021 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database