GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
44 advisories
Filter by severity
The Rambus SafeZone Basic Crypto Module, as used in certain Fujifilm (formerly Fuji Xerox)...
Critical
Unreviewed
CVE-2022-26320
was published
Mar 15, 2022
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper...
Critical
Unreviewed
CVE-2023-4344
was published
Aug 15, 2023
MileSight DeviceHub -
CWE-330 Use of Insufficiently Random Values may allow Authentication...
Critical
Unreviewed
CVE-2024-36389
was published
Jun 2, 2024
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE...
Critical
Unreviewed
CVE-2022-46353
was published
Dec 13, 2022
In Contiki 4.5, TCP ISNs are improperly random.
Critical
Unreviewed
CVE-2020-27634
was published
Oct 10, 2023
In FNET 4.6.3, TCP ISNs are improperly random.
Critical
Unreviewed
CVE-2020-27633
was published
Oct 10, 2023
In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.
Critical
Unreviewed
CVE-2020-27630
was published
Oct 10, 2023
In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random.
Critical
Unreviewed
CVE-2020-27636
was published
Oct 10, 2023
In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random.
Critical
Unreviewed
CVE-2020-27631
was published
Oct 10, 2023
In PicoTCP 1.7.0, TCP ISNs are improperly random.
Critical
Unreviewed
CVE-2020-27635
was published
Oct 10, 2023
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass...
Critical
Unreviewed
CVE-2023-39979
was published
Sep 2, 2023
Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation...
Critical
Unreviewed
CVE-2023-3373
was published
Aug 4, 2023
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random...
Critical
Unreviewed
CVE-2023-2884
was published
May 25, 2023
Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap...
Critical
Unreviewed
CVE-2019-2294
was published
May 24, 2022
generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp...
Critical
Unreviewed
CVE-2014-6311
was published
May 17, 2022
Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness
Critical
Unreviewed
CVE-2013-4102
was published
May 5, 2022
reNgine through 0.5 relies on a predictable directory name.
Critical
Unreviewed
CVE-2021-38606
was published
May 24, 2022
KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs(Initial Sequence Number) for TCP...
Critical
Unreviewed
CVE-2022-43501
was published
Feb 10, 2023
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass...
Critical
Unreviewed
CVE-2021-36294
was published
Jan 27, 2022
wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects...
Critical
Unreviewed
CVE-2022-23408
was published
Jan 19, 2022
goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data ...
Critical
Unreviewed
CVE-2018-18375
was published
May 13, 2022
An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies,...
Critical
Unreviewed
CVE-2018-16239
was published
May 13, 2022
Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10...
Critical
Unreviewed
CVE-2017-16924
was published
May 13, 2022
A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen...
Critical
Unreviewed
CVE-2017-7902
was published
May 13, 2022
NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that...
Critical
Unreviewed
CVE-2018-17888
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API