GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
104 advisories
Filter by severity
Pysaml2 improperly initializes encryption vector
Moderate
CVE-2017-1000246
was published
for
pysaml2
(pip)
Jul 16, 2018
Cryptographically Weak PRNG in randomatic
Moderate
CVE-2017-16028
was published
for
randomatic
(npm)
Oct 9, 2018
OrientDB Server Community Edition uses insufficiently random values to generate session IDs
Moderate
CVE-2015-2913
was published
for
com.orientechnologies:orientdb-server
(Maven)
Oct 18, 2018
Spring Security uses insufficiently random values
Moderate
CVE-2019-3795
was published
for
org.springframework.security:spring-security-core
(Maven)
Apr 16, 2019
Insufficient Entropy in Spring Security
Moderate
CVE-2020-5408
was published
for
org.springframework.security:spring-security-core
(Maven)
Jun 15, 2020
Weak JSON Web Token in yapi-vendor
Moderate
CVE-2021-27884
was published
for
yapi-vendor
(npm)
Mar 26, 2021
Incorrect Calculation and Use of Insufficiently Random Values in Python
Moderate
Unreviewed
CVE-2020-14422
was published
May 11, 2021
miekg/dns insecurely generates random numbers
Moderate
CVE-2019-19794
was published
for
github.com/miekg/dns
(Go)
May 18, 2021
Predictable CSRF tokens in centreon/centreon
Moderate
CVE-2021-28055
was published
for
centreon/centreon
(Composer)
Jun 8, 2021
Insufficiently random values in Ansible
Moderate
CVE-2020-10729
was published
for
ansible
(pip)
Jun 15, 2021
Ratpack's default client side session signing key is highly predictable
Moderate
CVE-2021-29480
was published
for
io.ratpack:ratpack-session
(Maven)
Jul 1, 2021
Use of Cryptographically Weak Pseudo-Random Number Generator in yiisoft/yii2-dev
Moderate
CVE-2021-3692
was published
for
yiisoft/yii2-dev
(Composer)
Sep 1, 2021
Improper random number generation in github.com/coredns/coredns
Moderate
GHSA-gv9j-4w24-q7vx
was published
for
github.com/coredns/coredns
(Go)
Mar 1, 2022
CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource,...
Moderate
Unreviewed
CVE-2022-22700
was published
Mar 4, 2022
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23...
Moderate
Unreviewed
CVE-2022-26317
was published
Mar 9, 2022
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't...
Moderate
Unreviewed
CVE-2022-29035
was published
Apr 12, 2022
TYPO3 is vulnerable to Insecure randomness in uniqid function
Moderate
CVE-2010-3666
was published
for
typo3/cms-install
(Composer)
Apr 21, 2022
Jetty Uses Predictable Session Identifiers
Moderate
CVE-2006-6969
was published
for
org.eclipse.jetty:jetty-server
(Maven)
May 1, 2022
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e...
Moderate
Unreviewed
CVE-2008-2020
was published
May 1, 2022
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0...
Moderate
Unreviewed
CVE-2009-0255
was published
May 2, 2022
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed...
Moderate
Unreviewed
CVE-2021-41993
was published
May 3, 2022
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed...
Moderate
Unreviewed
CVE-2021-41994
was published
May 3, 2022
SHA1 implementation in JetBrains Ktor Native before 2.0.1 was returning the same value
Moderate
Unreviewed
CVE-2022-29930
was published
May 13, 2022
Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x...
Moderate
Unreviewed
CVE-2015-3963
was published
May 13, 2022
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's...
Moderate
Unreviewed
CVE-2018-1108
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API