GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
84 advisories
Filter by severity
Aescrypt does not sufficiently use random values
High
CVE-2013-7463
was published
for
aescrypt
(RubyGems)
Oct 24, 2017
Insufficient Nonce Validation in Eclipse Milo Client
High
CVE-2019-19135
was published
for
org.eclipse.milo:sdk-client
(Maven)
Mar 16, 2020
Predictable SIF UUID Identifiers in github.com/sylabs/sif
High
CVE-2021-29499
was published
for
github.com/sylabs/sif
(Go)
May 18, 2021
Cryptographically weak CSRF tokens in Apache MyFaces
High
CVE-2021-26296
was published
for
org.apache.myfaces.core:myfaces-core-module
(Maven)
Jun 16, 2021
Use of Insufficiently Random Values in yiisoft/yii2-dev
High
CVE-2021-3689
was published
for
yiisoft/yii2-dev
(Composer)
Sep 1, 2021
Improper file handling in concrete5/core
High
CVE-2021-22968
was published
for
concrete5/core
(Composer)
Nov 23, 2021
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user...
High
Unreviewed
CVE-2021-24998
was published
Dec 28, 2021
Use of Hard-coded Credentials in Apache Kylin
High
CVE-2021-45458
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517,...
High
Unreviewed
CVE-2021-26726
was published
Feb 17, 2022
Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web...
High
Unreviewed
CVE-2021-46010
was published
Apr 1, 2022
randomUUID in Scala.js before 1.10.0 generates predictable values.
High
Unreviewed
CVE-2022-28355
was published
Apr 3, 2022
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS...
High
Unreviewed
CVE-2022-22517
was published
Apr 8, 2022
pyftpdlib Use of Insufficiently Random Values of port selection on PASV command
High
CVE-2007-6738
was published
for
pyftpdlib
(pip)
May 1, 2022
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses...
High
Unreviewed
CVE-2008-0087
was published
May 1, 2022
actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of...
High
Unreviewed
CVE-2008-0141
was published
May 1, 2022
The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business...
High
Unreviewed
CVE-2008-2433
was published
May 1, 2022
The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2,...
High
Unreviewed
CVE-2008-3612
was published
May 2, 2022
account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently...
High
Unreviewed
CVE-2009-2158
was published
May 2, 2022
pyrad is vulnerable to the use of Insufficiently Random Values
High
CVE-2013-0294
was published
for
pyrad
(pip)
May 5, 2022
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x...
High
Unreviewed
CVE-2022-26071
was published
May 6, 2022
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to...
High
Unreviewed
CVE-2013-6925
was published
May 13, 2022
Matrix Synapse Predictable Secret Key
High
CVE-2019-5885
was published
for
matrix-synapse
(pip)
May 13, 2022
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the...
High
Unreviewed
CVE-2019-8919
was published
May 13, 2022
Due to unencrypted signal communication and predictability of rolling codes, an attacker can ...
High
Unreviewed
CVE-2019-9860
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API