Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

28 advisories

Loading
Withdrawn Advisory: go-mysql affected by go.uuid's Predictable UUID Identifiers Critical
GHSA-rc7v-65v6-m2v3 was published for github.com/go-mysql-org/go-mysql (Go) Oct 28, 2024 withdrawn
Fidget-Grep
Passeo uses insecure random number generator High
CVE-2022-23472 was published for Passeo (pip) Dec 6, 2022
Bluenix2 ArjunSharda
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG High
CVE-2019-11842 was published for matrix-sydent (pip) May 24, 2022
westonsteimel
go.uuid has Predictable UUID Identifiers Critical
CVE-2021-3538 was published for github.com/satori/go.uuid (Go) Feb 7, 2023
Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation Critical
CVE-2024-29868 was published for org.apache.streampipes:streampipes-resource-management (Maven) Jun 24, 2024
oscerd
stormpath/sdk uses Insecure Random Number Generator Moderate
GHSA-q8fc-v85f-78pw was published for stormpath/sdk (Composer) May 29, 2024
Magento 2 Community Cryptographic Flaw Moderate
CVE-2019-7855 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition Weak PRNG High
CVE-2019-7860 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Weak PRNG Moderate
CVE-2019-8113 was published for magento/community-edition (Composer) May 24, 2022
Ethyca Fides Cryptographically Weak Generation of One-Time Codes for Identity Verification High
CVE-2023-48224 was published for ethyca-fides (pip) Nov 16, 2023
RobertKeyser
Cryptographically Weak PRNG in randomatic Moderate
CVE-2017-16028 was published for randomatic (npm) Oct 9, 2018
miekg/dns insecurely generates random numbers Moderate
CVE-2019-19794 was published for github.com/miekg/dns (Go) May 18, 2021
Apache Syncope uses a weak PNRG Moderate
CVE-2014-3503 was published for org.apache.syncope:syncope (Maven) May 14, 2022
Improper random number generation in nanorand Moderate
CVE-2020-35926 was published for nanorand (Rust) Aug 25, 2021
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Moderate
CVE-2021-3990 was published for showdoc/showdoc (Composer) Dec 3, 2021
Use of Cryptographically Weak Pseudo-Random Number Generator in yiisoft/yii2-dev Moderate
CVE-2021-3692 was published for yiisoft/yii2-dev (Composer) Sep 1, 2021
Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone High
CVE-2020-28924 was published for github.com/rclone/rclone (Go) Jun 10, 2021
Use of Cryptographically Weak Pseudo-Random Number Generator in showdoc Moderate
CVE-2021-3678 was published for showdoc/showdoc (Composer) Sep 2, 2021
Use of Cryptographically Weak Pseudo-Random Number Generator in org.pac4j:pac4j-saml Moderate
CVE-2019-10755 was published for org.pac4j:pac4j-saml (Maven) Nov 6, 2019
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Ratpack Low
CVE-2019-11808 was published for io.ratpack:ratpack-groovy (Maven) May 14, 2019
Use of Insufficiently Random Values in Apereo CAS High
CVE-2019-10754 was published for org.apereo.cas:cas-server-core-services-api (Maven) May 24, 2022
Cryptographically weak PRNG in `utils.generateUUID` Critical
CVE-2022-36045 was published for nodebb (npm) Aug 30, 2022
HakuPiku
Weak private key generation in SSH.NET Moderate
CVE-2022-29245 was published for SSH.NET (NuGet) Jun 1, 2022
yaumn-synacktiv
JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0 Critical
CVE-2019-16303 was published for generator-jhipster-kotlin (npm) Jun 26, 2020
JLLeitschuh
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Pivotal CredHub Service Broker High
CVE-2018-15795 was published for org.springframework.credhub:spring-credhub-core (Maven) Nov 29, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database