Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

248 advisories

Loading
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities High
GHSA-xg9w-r469-m455 was published for zendframework/zendframework (Composer) Jun 7, 2024
@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys Critical
GHSA-84c3-j8r2-mcm8 was published for @nfid/embed (npm) Feb 26, 2024
agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate` Critical
CVE-2024-1631 was published for @dfinity/auth-client (npm) Feb 21, 2024
peterpeterparker krpeacock
Use of Insufficiently Random Values in github.com/greenpau/caddy-security Moderate
CVE-2024-21495 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Insecure random string generator used for sensitive data High
CVE-2023-46740 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz
PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption High
CVE-2023-48056 was published for pypinksign (pip) Nov 16, 2023
In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random. Critical Unreviewed
CVE-2020-27631 was published Oct 10, 2023
ProTip! Advisories are also available from the GraphQL API