Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

44 advisories

Loading
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper... Critical Unreviewed
CVE-2023-4344 was published Aug 15, 2023
MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication... Critical Unreviewed
CVE-2024-36389 was published Jun 2, 2024
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE... Critical Unreviewed
CVE-2022-46353 was published Dec 13, 2022
In Contiki 4.5, TCP ISNs are improperly random. Critical Unreviewed
CVE-2020-27634 was published Oct 10, 2023
In FNET 4.6.3, TCP ISNs are improperly random. Critical Unreviewed
CVE-2020-27633 was published Oct 10, 2023
In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. Critical Unreviewed
CVE-2020-27630 was published Oct 10, 2023
In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random. Critical Unreviewed
CVE-2020-27636 was published Oct 10, 2023
In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random. Critical Unreviewed
CVE-2020-27631 was published Oct 10, 2023
In PicoTCP 1.7.0, TCP ISNs are improperly random. Critical Unreviewed
CVE-2020-27635 was published Oct 10, 2023
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass... Critical Unreviewed
CVE-2023-39979 was published Sep 2, 2023
Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation... Critical Unreviewed
CVE-2023-3373 was published Aug 4, 2023
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random... Critical Unreviewed
CVE-2023-2884 was published May 25, 2023
Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap... Critical Unreviewed
CVE-2019-2294 was published May 24, 2022
generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp... Critical Unreviewed
CVE-2014-6311 was published May 17, 2022
Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness Critical Unreviewed
CVE-2013-4102 was published May 5, 2022
reNgine through 0.5 relies on a predictable directory name. Critical Unreviewed
CVE-2021-38606 was published May 24, 2022
KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs(Initial Sequence Number) for TCP... Critical Unreviewed
CVE-2022-43501 was published Feb 10, 2023
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass... Critical Unreviewed
CVE-2021-36294 was published Jan 27, 2022
wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects... Critical Unreviewed
CVE-2022-23408 was published Jan 19, 2022
goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data ... Critical Unreviewed
CVE-2018-18375 was published May 13, 2022
An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies,... Critical Unreviewed
CVE-2018-16239 was published May 13, 2022
Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10... Critical Unreviewed
CVE-2017-16924 was published May 13, 2022
A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen... Critical Unreviewed
CVE-2017-7902 was published May 13, 2022
NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that... Critical Unreviewed
CVE-2018-17888 was published May 13, 2022
The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well... Critical Unreviewed
CVE-2019-0007 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API