GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
40 advisories
Filter by severity
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to...
High
Unreviewed
CVE-2022-20817
was published
Jun 16, 2022
OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token...
High
Unreviewed
CVE-2022-33738
was published
Jul 7, 2022
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.
High
Unreviewed
CVE-2021-37553
was published
May 24, 2022
profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can...
High
Unreviewed
CVE-2022-40769
was published
Sep 19, 2022
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not...
High
Unreviewed
CVE-2017-5493
was published
May 13, 2022
Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3...
High
Unreviewed
CVE-2017-8081
was published
May 13, 2022
In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650,...
High
Unreviewed
CVE-2018-11291
was published
May 13, 2022
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU...
High
Unreviewed
CVE-2018-11290
was published
May 13, 2022
The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum...
High
Unreviewed
CVE-2018-15552
was published
May 13, 2022
In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650,...
High
Unreviewed
CVE-2018-5837
was published
May 13, 2022
The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling...
High
Unreviewed
CVE-2018-12056
was published
May 14, 2022
The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum...
High
Unreviewed
CVE-2018-17071
was published
May 14, 2022
The random() function of the smart contract implementation for CryptoSaga, an Ethereum game,...
High
Unreviewed
CVE-2018-12975
was published
May 14, 2022
A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a...
High
Unreviewed
CVE-2018-17968
was published
May 14, 2022
A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a...
High
Unreviewed
CVE-2018-17877
was published
May 14, 2022
The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an...
High
Unreviewed
CVE-2018-12454
was published
May 14, 2022
The endCoinFlip function and throwSlammer function of the smart contract implementations for...
High
Unreviewed
CVE-2018-14715
was published
May 14, 2022
** DISPUTED ** The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology...
High
Unreviewed
CVE-2017-9230
was published
May 14, 2022
An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs...
High
Unreviewed
CVE-2017-17845
was published
May 14, 2022
In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.
High
Unreviewed
CVE-2021-45489
was published
Dec 26, 2021
Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a...
High
Unreviewed
CVE-2013-20003
was published
Feb 10, 2022
The use of a cryptographically weak pseudo-random number generator in the password reset feature...
High
Unreviewed
CVE-2021-36171
was published
Mar 2, 2022
Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm...
High
Unreviewed
CVE-2023-28395
was published
Mar 28, 2023
Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the...
High
Unreviewed
CVE-2021-22948
was published
May 24, 2022
The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the...
High
Unreviewed
CVE-2022-0828
was published
Apr 12, 2022
ProTip!
Advisories are also available from the
GraphQL API