GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
28 advisories
Filter by severity
Cryptographically Weak PRNG in generate-password
Moderate
GHSA-6qqf-vvcr-7qrv
was published
for
generate-password
(npm)
May 23, 2019
Critical severity vulnerability that affects generator-jhipster
Critical
GHSA-mwp6-j9wf-968c
was published
for
generator-jhipster
(npm)
Sep 13, 2019
•
withdrawn
Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor
Critical
CVE-2018-16115
was published
for
com.typesafe.akka:akka-actor_2.11
(Maven)
Oct 22, 2018
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Pivotal CredHub Service Broker
High
CVE-2018-15795
was published
for
org.springframework.credhub:spring-credhub-core
(Maven)
Nov 29, 2018
JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0
Critical
CVE-2019-16303
was published
for
generator-jhipster-kotlin
(npm)
Jun 26, 2020
Weak private key generation in SSH.NET
Moderate
CVE-2022-29245
was published
for
SSH.NET
(NuGet)
Jun 1, 2022
Cryptographically weak PRNG in `utils.generateUUID`
Critical
CVE-2022-36045
was published
for
nodebb
(npm)
Aug 30, 2022
Use of Insufficiently Random Values in Apereo CAS
High
CVE-2019-10754
was published
for
org.apereo.cas:cas-server-core-services-api
(Maven)
May 24, 2022
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Ratpack
Low
CVE-2019-11808
was published
for
io.ratpack:ratpack-groovy
(Maven)
May 14, 2019
Use of Cryptographically Weak Pseudo-Random Number Generator in org.pac4j:pac4j-saml
Moderate
CVE-2019-10755
was published
for
org.pac4j:pac4j-saml
(Maven)
Nov 6, 2019
Use of Cryptographically Weak Pseudo-Random Number Generator in showdoc
Moderate
CVE-2021-3678
was published
for
showdoc/showdoc
(Composer)
Sep 2, 2021
Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone
High
CVE-2020-28924
was published
for
github.com/rclone/rclone
(Go)
Jun 10, 2021
Use of Cryptographically Weak Pseudo-Random Number Generator in yiisoft/yii2-dev
Moderate
CVE-2021-3692
was published
for
yiisoft/yii2-dev
(Composer)
Sep 1, 2021
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Moderate
CVE-2021-3990
was published
for
showdoc/showdoc
(Composer)
Dec 3, 2021
Improper random number generation in nanorand
Moderate
CVE-2020-35926
was published
for
nanorand
(Rust)
Aug 25, 2021
Apache Syncope uses a weak PNRG
Moderate
CVE-2014-3503
was published
for
org.apache.syncope:syncope
(Maven)
May 14, 2022
miekg/dns insecurely generates random numbers
Moderate
CVE-2019-19794
was published
for
github.com/miekg/dns
(Go)
May 18, 2021
Cryptographically Weak PRNG in randomatic
Moderate
CVE-2017-16028
was published
for
randomatic
(npm)
Oct 9, 2018
Ethyca Fides Cryptographically Weak Generation of One-Time Codes for Identity Verification
High
CVE-2023-48224
was published
for
ethyca-fides
(pip)
Nov 16, 2023
Magento 2 Community Weak PRNG
Moderate
CVE-2019-8113
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Edition Weak PRNG
High
CVE-2019-7860
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Cryptographic Flaw
Moderate
CVE-2019-7855
was published
for
magento/community-edition
(Composer)
May 24, 2022
stormpath/sdk uses Insecure Random Number Generator
Moderate
GHSA-q8fc-v85f-78pw
was published
for
stormpath/sdk
(Composer)
May 29, 2024
Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation
Critical
CVE-2024-29868
was published
for
org.apache.streampipes:streampipes-resource-management
(Maven)
Jun 24, 2024
go.uuid has Predictable UUID Identifiers
Critical
CVE-2021-3538
was published
for
github.com/satori/go.uuid
(Go)
Feb 7, 2023
ProTip!
Advisories are also available from the
GraphQL API