GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
248 advisories
Filter by severity
Aescrypt does not sufficiently use random values
High
CVE-2013-7463
was published
for
aescrypt
(RubyGems)
Oct 24, 2017
Pysaml2 improperly initializes encryption vector
Moderate
CVE-2017-1000246
was published
for
pysaml2
(pip)
Jul 16, 2018
Cryptographically Weak PRNG in randomatic
Moderate
CVE-2017-16028
was published
for
randomatic
(npm)
Oct 9, 2018
OrientDB Server Community Edition uses insufficiently random values to generate session IDs
Moderate
CVE-2015-2913
was published
for
com.orientechnologies:orientdb-server
(Maven)
Oct 18, 2018
Use of Insufficiently Random Values in penggle:kaptcha
Critical
CVE-2018-18531
was published
for
com.github.penggle:kaptcha
(Maven)
Oct 23, 2018
Use of Insufficiently Random Values in Railties Allows Remote Code Execution
Critical
CVE-2019-5420
was published
for
railties
(RubyGems)
Mar 13, 2019
Spring Security uses insufficiently random values
Moderate
CVE-2019-3795
was published
for
org.springframework.security:spring-security-core
(Maven)
Apr 16, 2019
Insufficient Nonce Validation in Eclipse Milo Client
High
CVE-2019-19135
was published
for
org.eclipse.milo:sdk-client
(Maven)
Mar 16, 2020
Predictable password in Keycloak
Critical
CVE-2020-1731
was published
for
org.keycloak:keycloak-core
(Maven)
Apr 15, 2020
Insufficient Entropy in Spring Security
Moderate
CVE-2020-5408
was published
for
org.springframework.security:spring-security-core
(Maven)
Jun 15, 2020
Weak JSON Web Token in yapi-vendor
Moderate
CVE-2021-27884
was published
for
yapi-vendor
(npm)
Mar 26, 2021
Incorrect Calculation and Use of Insufficiently Random Values in Python
Moderate
Unreviewed
CVE-2020-14422
was published
May 11, 2021
Predictable SIF UUID Identifiers in github.com/sylabs/sif
High
CVE-2021-29499
was published
for
github.com/sylabs/sif
(Go)
May 18, 2021
miekg/dns insecurely generates random numbers
Moderate
CVE-2019-19794
was published
for
github.com/miekg/dns
(Go)
May 18, 2021
Predictable CSRF tokens in centreon/centreon
Moderate
CVE-2021-28055
was published
for
centreon/centreon
(Composer)
Jun 8, 2021
Insufficiently random values in Ansible
Moderate
CVE-2020-10729
was published
for
ansible
(pip)
Jun 15, 2021
Cryptographically weak CSRF tokens in Apache MyFaces
High
CVE-2021-26296
was published
for
org.apache.myfaces.core:myfaces-core-module
(Maven)
Jun 16, 2021
Ratpack's default client side session signing key is highly predictable
Moderate
CVE-2021-29480
was published
for
io.ratpack:ratpack-session
(Maven)
Jul 1, 2021
Incorrect check on buffer length in rand_core
Critical
CVE-2021-27378
was published
for
rand_core
(Rust)
Aug 25, 2021
Use of Cryptographically Weak Pseudo-Random Number Generator in yiisoft/yii2-dev
Moderate
CVE-2021-3692
was published
for
yiisoft/yii2-dev
(Composer)
Sep 1, 2021
Use of Insufficiently Random Values in yiisoft/yii2-dev
High
CVE-2021-3689
was published
for
yiisoft/yii2-dev
(Composer)
Sep 1, 2021
Improper file handling in concrete5/core
High
CVE-2021-22968
was published
for
concrete5/core
(Composer)
Nov 23, 2021
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user...
High
Unreviewed
CVE-2021-24998
was published
Dec 28, 2021
Use of Hard-coded Credentials in Apache Kylin
High
CVE-2021-45458
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
ProTip!
Advisories are also available from the
GraphQL API