Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

59 advisories

Loading
Use of Insufficiently Random Values in penggle:kaptcha Critical
CVE-2018-18531 was published for com.github.penggle:kaptcha (Maven) Oct 23, 2018
Insecure randomness in socket.io High
CVE-2017-16031 was published for socket.io (npm) Nov 7, 2018
Improper random number generation in github.com/coredns/coredns Moderate
GHSA-gv9j-4w24-q7vx was published for github.com/coredns/coredns (Go) Mar 1, 2022
Predictable CSRF tokens in centreon/centreon Moderate
CVE-2021-28055 was published for centreon/centreon (Composer) Jun 8, 2021
Weak private key generation in SSH.NET Moderate
CVE-2022-29245 was published for SSH.NET (NuGet) Jun 1, 2022
yaumn-synacktiv
otp-generator before v3.0.0 insecurely generates random one-time passwords Critical
CVE-2021-23451 was published for otp-generator (npm) Jul 26, 2022
Spring Security uses insufficiently random values Moderate
CVE-2019-3795 was published for org.springframework.security:spring-security-core (Maven) Apr 16, 2019
Use of unclaimed s3 bucket in tests and examples Moderate
CVE-2022-36022 was published for org.deeplearning4j:dl4j-examples (Maven) Nov 10, 2022
draco1725
Ratpack's default client side session signing key is highly predictable Moderate
CVE-2021-29480 was published for io.ratpack:ratpack-session (Maven) Jul 1, 2021
JLLeitschuh
Cryptographically weak PRNG in `utils.generateUUID` Critical
CVE-2022-36045 was published for nodebb (npm) Aug 30, 2022
HakuPiku
Use of Insufficiently Random Values in Apereo CAS High
CVE-2019-10754 was published for org.apereo.cas:cas-server-core-services-api (Maven) May 24, 2022
Fastly Compute@Edge JS Runtime has fixed random number seed during compilation High
CVE-2022-39218 was published for @fastly/js-compute (npm) Sep 20, 2022
JakeChampion
DNS NuGet package uses insufficiently random values Critical
CVE-2021-4248 was published for DNS (NuGet) Dec 18, 2022
Predictable password in Keycloak Critical
CVE-2020-1731 was published for org.keycloak:keycloak-core (Maven) Apr 15, 2020
Insufficient Nonce Validation in Eclipse Milo Client High
CVE-2019-19135 was published for org.eclipse.milo:sdk-client (Maven) Mar 16, 2020
Insufficient Entropy in Spring Security Moderate
CVE-2020-5408 was published for org.springframework.security:spring-security-core (Maven) Jun 15, 2020
Weak JSON Web Token in yapi-vendor Moderate
CVE-2021-27884 was published for yapi-vendor (npm) Mar 26, 2021
Cryptographically weak CSRF tokens in Apache MyFaces High
CVE-2021-26296 was published for org.apache.myfaces.core:myfaces-core-module (Maven) Jun 16, 2021
Use of Cryptographically Weak Pseudo-Random Number Generator in yiisoft/yii2-dev Moderate
CVE-2021-3692 was published for yiisoft/yii2-dev (Composer) Sep 1, 2021
Use of Insufficiently Random Values in yiisoft/yii2-dev High
CVE-2021-3689 was published for yiisoft/yii2-dev (Composer) Sep 1, 2021
Predictable SIF UUID Identifiers in github.com/sylabs/sif High
CVE-2021-29499 was published for github.com/sylabs/sif (Go) May 18, 2021
Rancher cattle-token is predictable High
CVE-2022-43755 was published for github.com/rancher/rancher (Go) Jan 25, 2023
Insecure PRNG use in random_password_generator High
CVE-2019-25061 was published for random_password_generator (RubyGems) May 19, 2022
Incorrect check on buffer length in rand_core Critical
CVE-2021-27378 was published for rand_core (Rust) Aug 25, 2021
rillian
Improper file handling in concrete5/core High
CVE-2021-22968 was published for concrete5/core (Composer) Nov 23, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database