Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

30 advisories

Loading
A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature... Moderate Unreviewed
CVE-2024-20331 was published Oct 23, 2024
Denial of service attack via push rule patterns in matrix-synapse Moderate
CVE-2021-29471 was published for matrix-synapse (pip) May 13, 2021
Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length Moderate
CVE-2024-8796 was published for devise-two-factor (RubyGems) Sep 17, 2024
syntacticNaCl mark-adams
An insufficient entropy vulnerability caused by the improper use of a randomness function with... Moderate Unreviewed
CVE-2024-38270 was published Sep 10, 2024
An issue was discovered in Samsung Mobile Processor, Automotive Processor, Wearable Processor,... Moderate Unreviewed
CVE-2023-49927 was published Jun 5, 2024
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An... Moderate Unreviewed
CVE-2022-27221 was published Jun 15, 2022
ZendFramework Information Disclosure and Insufficient Entropy vulnerability Moderate
GHSA-2fhr-8r8r-qp56 was published for zendframework/zendframework (Composer) Jun 7, 2024
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
Insecure State Generation in laravel/socialite Moderate
GHSA-h97c-qp24-439v was published for laravel/socialite (Composer) May 15, 2024
FOSUserBundle Entropy is lost in the TokenGenerator Moderate
GHSA-pjx8-984p-7p3x was published for friendsofsymfony/user-bundle (Composer) May 15, 2024
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If... Moderate Unreviewed
CVE-2023-34973 was published Aug 24, 2023
Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated,... Moderate Unreviewed
CVE-2023-38357 was published Aug 1, 2023
?The affected TBox RTUs generate software security tokens using insufficient entropy. The random... Moderate Unreviewed
CVE-2023-36610 was published Jul 3, 2023
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC)... Moderate Unreviewed
CVE-2022-20941 was published Nov 16, 2022
It's possible that an authenticated user guess other session IDs based on its own. Also it's... Moderate Unreviewed
CVE-2020-1773 was published May 24, 2022
Insufficient Entropy in PHPServerMon PRNG Moderate
CVE-2021-4240 was published for phpservermon/phpservermon (Composer) Nov 16, 2022
PHPServerMon PRNG has Insufficient Entropy Moderate
CVE-2021-4241 was published for phpservermon/phpservermon (Composer) Nov 16, 2022
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local... Moderate Unreviewed
CVE-2016-2858 was published May 13, 2022
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys... Moderate Unreviewed
CVE-2017-2625 was published May 13, 2022
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local... Moderate Unreviewed
CVE-2017-2626 was published May 14, 2022
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide... Moderate Unreviewed
CVE-2018-8435 was published May 13, 2022
Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying... Moderate Unreviewed
CVE-2016-2564 was published May 13, 2022
Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK... Moderate Unreviewed
CVE-2019-9555 was published May 13, 2022
A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to... Moderate Unreviewed
CVE-2021-42138 was published Dec 21, 2021
A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon... Moderate Unreviewed
CVE-2017-6030 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database