GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys (Critical)
GHSA-84c3-j8r2-mcm8 was published for @nfid/embed (npm) Feb 26, 2024

agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate` (Critical)
CVE-2024-1631 was published for @dfinity/auth-client (npm) Feb 21, 2024
peterpeterparker krpeacock

DNS NuGet package uses insufficiently random values (Critical)
CVE-2021-4248 was published for DNS (NuGet) Dec 18, 2022

Cryptographically weak PRNG in `utils.generateUUID` (Critical)
CVE-2022-36045 was published for nodebb (npm) Aug 30, 2022
HakuPiku

otp-generator before v3.0.0 insecurely generates random one-time passwords (Critical)
CVE-2021-23451 was published for otp-generator (npm) Jul 26, 2022

Froxlor guessable password reset token (Critical)
CVE-2016-5100 was published for froxlor/froxlor (Composer) May 17, 2022

Incorrect check on buffer length in rand_core (Critical)
CVE-2021-27378 was published for rand_core (Rust) Aug 25, 2021
rillian

Predictable password in Keycloak (Critical)
CVE-2020-1731 was published for org.keycloak:keycloak-core (Maven) Apr 15, 2020

Use of Insufficiently Random Values in Railties Allows Remote Code Execution (Critical)
CVE-2019-5420 was published for railties (RubyGems) Mar 13, 2019

Use of Insufficiently Random Values in penggle:kaptcha (Critical)
CVE-2018-18531 was published for com.github.penggle:kaptcha (Maven) Oct 23, 2018