GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
92 advisories
cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows...
High, Unreviewed. CVE-2009-2367 was published May 2, 2022

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random...
High, Unreviewed. CVE-2008-0166 was published May 1, 2022

The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag...
High, Unreviewed. CVE-2024-23660 was published Feb 8, 2024

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the...
Moderate, Unreviewed. CVE-2009-3278 was published May 2, 2022

Magento 2 Community Cryptographic Flaw
Moderate. CVE-2019-7855 was published for magento/community-edition (Composer) May 24, 2022

Magento 2 Community Edition Weak PRNG
High. CVE-2019-7860 was published for magento/community-edition (Composer) May 24, 2022

Magento 2 Community Weak PRNG
Moderate. CVE-2019-8113 was published for magento/community-edition (Composer) May 24, 2022

Ethyca Fides Cryptographically Weak Generation of One-Time Codes for Identity Verification
High. CVE-2023-48224 was published for ethyca-fides (pip) Nov 16, 2023

Cryptographically Weak PRNG in randomatic
Moderate. CVE-2017-16028 was published for randomatic (npm) Oct 9, 2018

miekg/dns insecurely generates random numbers
Moderate. CVE-2019-19794 was published for github.com/miekg/dns (Go) May 18, 2021

Apache Syncope uses a weak PRNG
Moderate. CVE-2014-3503 was published for org.apache.syncope:syncope (Maven) May 14, 2022

The Download Manager WordPress plugin before 3.2.39 uses the uniqid PHP function to generate the...
High, Unreviewed. CVE-2022-0828 was published Apr 12, 2022

Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the...
High, Unreviewed. CVE-2021-22948 was published May 24, 2022

Improper random number generation in nanorand
Moderate. CVE-2020-35926 was published for nanorand (Rust) Aug 25, 2021

Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm...
High, Unreviewed. CVE-2023-28395 was published Mar 28, 2023

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with...
Critical, Unreviewed. CVE-2022-35255 was published Dec 6, 2022

The use of a cryptographically weak pseudo-random number generator in the password reset feature...
High, Unreviewed. CVE-2021-36171 was published Mar 2, 2022

Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a...
High, Unreviewed. CVE-2013-20003 was published Feb 10, 2022

In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.
High, Unreviewed. CVE-2021-45489 was published Dec 26, 2021

It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates...
Critical, Unreviewed. CVE-2017-18021 was published May 14, 2022

An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs...
High, Unreviewed. CVE-2017-17845 was published May 14, 2022

Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler...
Moderate, Unreviewed. CVE-2017-11671 was published May 14, 2022

** DISPUTED ** The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology...
High, Unreviewed. CVE-2017-9230 was published May 14, 2022

The endCoinFlip function and throwSlammer function of the smart contract implementations for...
High, Unreviewed. CVE-2018-14715 was published May 14, 2022

The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an...
High, Unreviewed. CVE-2018-12454 was published May 14, 2022