GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,198
Composer 4,343
Erlang 31
GitHub Actions 22
Go 2,107
Maven 5,283
npm 3,764
NuGet 679
pip 3,452
Pub 12
RubyGems 892
Rust 886
Swift 37

Unreviewed advisories

All unreviewed 243,202

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

251 advisories

Filter by severity

Sort by

Least recently updated

The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in... Moderate Unreviewed

CVE-2020-7241 was published May 24, 2022

The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device... Moderate Unreviewed

CVE-2019-18282 was published May 24, 2022

A password generation weakness exists in xquest through 2016-06-13. Low Unreviewed

CVE-2016-4980 was published May 24, 2022

The token generator in index.php in Centreon Web before 2.8.27 is predictable. Moderate Unreviewed

CVE-2019-17105 was published May 24, 2022

Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap... Critical Unreviewed

CVE-2019-2294 was published May 24, 2022

Use of Insufficiently Random Values in Apereo CAS High

CVE-2019-10754 was published for org.apereo.cas:cas-server-core-services-api (Maven) May 24, 2022

OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include... Moderate Unreviewed

CVE-2019-1549 was published May 24, 2022

Magento 2 Community Edition Cryptographic Flaw High

CVE-2019-7886 was published for magento/community-edition (Composer) May 24, 2022

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while... Moderate Unreviewed

CVE-2019-12821 was published May 24, 2022

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap... Moderate Unreviewed

CVE-2019-1010025 was published May 24, 2022

Prima Systems FlexAir devices allow unauthenticated download of the database configuration backup... Critical Unreviewed

CVE-2019-7667 was published May 24, 2022

The doAirdrop function of a smart contract implementation for Primeo (PEO), an Ethereum token,... Moderate Unreviewed

CVE-2018-18425 was published May 24, 2022

CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of... High Unreviewed

CVE-2019-6821 was published May 24, 2022

golang.org/x/crypto/salsa20/salsa uses insufficiently random values Moderate

CVE-2019-11840 was published for golang.org/x/crypto (Go) May 24, 2022

gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which... Moderate Unreviewed

CVE-2019-11690 was published May 24, 2022

Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including... High Unreviewed

CVE-2019-11641 was published May 24, 2022

Insecure PRNG use in random_password_generator High

CVE-2019-25061 was published for random_password_generator (RubyGems) May 19, 2022

generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp... Critical Unreviewed

CVE-2014-6311 was published May 17, 2022

The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy... Moderate Unreviewed

CVE-2008-5162 was published May 17, 2022

Typo 5.1.3 and earlier uses a hard-coded salt for calculating password hashes, which makes it... Moderate Unreviewed

CVE-2008-4905 was published May 17, 2022

MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded... Moderate Unreviewed

CVE-2008-4929 was published May 17, 2022

Fat Free CRM has fixed token value Moderate

CVE-2013-7222 was published for fat_free_crm (RubyGems) May 17, 2022

SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces Moderate

CVE-2013-4347 was published for oauth2 (pip) May 17, 2022

Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which... High Unreviewed

CVE-2016-5085 was published May 17, 2022

Froxlor guessable password reset token Critical

CVE-2016-5100 was published for froxlor/froxlor (Composer) May 17, 2022

Previous 1 2 3 4 5 6 7 8 9 10 11 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

251 advisories