GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
248 advisories
In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random...
Moderate, Unreviewed. CVE-2015-9019 was published May 17, 2022

Froxlor guessable password reset token
Critical. CVE-2016-5100 was published for froxlor/froxlor (Composer) May 17, 2022

Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which...
High, Unreviewed. CVE-2016-5085 was published May 17, 2022

SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces
Moderate. CVE-2013-4347 was published for oauth2 (pip) May 17, 2022

Fat Free CRM has fixed token value
Moderate. CVE-2013-7222 was published for fat_free_crm (RubyGems) May 17, 2022

MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded...
Moderate, Unreviewed. CVE-2008-4929 was published May 17, 2022

Typo 5.1.3 and earlier uses a hard-coded salt for calculating password hashes, which makes it...
Moderate, Unreviewed. CVE-2008-4905 was published May 17, 2022

The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy...
Moderate, Unreviewed. CVE-2008-5162 was published May 17, 2022

generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp...
Critical, Unreviewed. CVE-2014-6311 was published May 17, 2022

Insecure PRNG use in random_password_generator
High. CVE-2019-25061 was published for random_password_generator (RubyGems) May 19, 2022

Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including...
High, Unreviewed. CVE-2019-11641 was published May 24, 2022

gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which...
Moderate, Unreviewed. CVE-2019-11690 was published May 24, 2022

golang.org/x/crypto/salsa20/salsa uses insufficiently random values
Moderate. CVE-2019-11840 was published for golang.org/x/crypto (Go) May 24, 2022

CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of...
High, Unreviewed. CVE-2019-6821 was published May 24, 2022

The doAirdrop function of a smart contract implementation for Primeo (PEO), an Ethereum token,...
Moderate, Unreviewed. CVE-2018-18425 was published May 24, 2022

Prima Systems FlexAir devices allow unauthenticated download of the database configuration backup...
Critical, Unreviewed. CVE-2019-7667 was published May 24, 2022

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap...
Moderate, Unreviewed. CVE-2019-1010025 was published May 24, 2022

A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while...
Moderate, Unreviewed. CVE-2019-12821 was published May 24, 2022

Magento 2 Community Edition Cryptographic Flaw
High. CVE-2019-7886 was published for magento/community-edition (Composer) May 24, 2022

OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include...
Moderate, Unreviewed. CVE-2019-1549 was published May 24, 2022

Use of Insufficiently Random Values in Apereo CAS
High. CVE-2019-10754 was published for org.apereo.cas:cas-server-core-services-api (Maven) May 24, 2022

Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap...
Critical, Unreviewed. CVE-2019-2294 was published May 24, 2022

The token generator in index.php in Centreon Web before 2.8.27 is predictable.
Moderate, Unreviewed. CVE-2019-17105 was published May 24, 2022

A password generation weakness exists in xquest through 2016-06-13.
Low, Unreviewed. CVE-2016-4980 was published May 24, 2022

The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device...
Moderate, Unreviewed. CVE-2019-18282 was published May 24, 2022