GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
59 advisories
Filter by severity
pyrad is vulnerable to the use of Insufficiently Random Values
High
CVE-2013-0294
was published
for
pyrad
(pip)
May 5, 2022
pyftpdlib Use of Insufficiently Random Values of port selection on PASV command
High
CVE-2007-6738
was published
for
pyftpdlib
(pip)
May 1, 2022
PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption
High
CVE-2023-48056
was published
for
pypinksign
(pip)
Nov 16, 2023
Pysaml2 improperly initializes encryption vector
Moderate
CVE-2017-1000246
was published
for
pysaml2
(pip)
Jul 16, 2018
SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces
Moderate
CVE-2013-4347
was published
for
oauth2
(pip)
May 17, 2022
Lemur subject to insecure random generation
High
CVE-2023-30797
was published
for
lemur
(pip)
Mar 1, 2023
Duplicate Advisory: Lemur subject to insecure random generation
High
GHSA-r4xg-4wrv-w72h
was published
for
lemur
(pip)
Apr 19, 2023
•
withdrawn
Matrix Synapse Predictable Secret Key
High
CVE-2019-5885
was published
for
matrix-synapse
(pip)
May 13, 2022
Insufficiently random values in Ansible
Moderate
CVE-2020-10729
was published
for
ansible
(pip)
Jun 15, 2021
Ansible uses a socket with predictable filename in /tmp
Low
CVE-2013-4259
was published
for
Ansible
(pip)
May 14, 2022
Insecure random string generator used for sensitive data
Moderate
CVE-2023-46740
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities
High
GHSA-xg9w-r469-m455
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
Froxlor guessable password reset token
Critical
CVE-2016-5100
was published
for
froxlor/froxlor
(Composer)
May 17, 2022
@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys
Critical
GHSA-84c3-j8r2-mcm8
was published
for
@nfid/embed
(npm)
Feb 26, 2024
agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`
Critical
CVE-2024-1631
was published
for
@dfinity/auth-client
(npm)
Feb 21, 2024
Use of Insufficiently Random Values in github.com/greenpau/caddy-security
Moderate
CVE-2024-21495
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
Jetty Uses Predictable Session Identifiers
Moderate
CVE-2006-6969
was published
for
org.eclipse.jetty:jetty-server
(Maven)
May 1, 2022
Magento 2 Community Edition Cryptographic Flaw
High
CVE-2019-7886
was published
for
magento/community-edition
(Composer)
May 24, 2022
TYPO3 is vulnerable to Insecure randomness in uniqid function
Moderate
CVE-2010-3666
was published
for
typo3/cms-install
(Composer)
Apr 21, 2022
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins
High
CVE-2020-2099
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Magento LTS's guest order "protect code" can be brute-forced too easily
High
CVE-2023-41879
was published
for
openmage/magento-lts
(Composer)
Sep 11, 2023
crypto-js uses insecure random numbers
Moderate
CVE-2020-36732
was published
for
crypto-js
(npm)
Jun 12, 2023
golang.org/x/crypto/salsa20/salsa uses insufficiently random values
Moderate
CVE-2019-11840
was published
for
golang.org/x/crypto
(Go)
May 24, 2022
OrientDB Server Community Edition uses insufficiently random values to generate session IDs
Moderate
CVE-2015-2913
was published
for
com.orientechnologies:orientdb-server
(Maven)
Oct 18, 2018
Cryptographically Weak PRNG in randomatic
Moderate
CVE-2017-16028
was published
for
randomatic
(npm)
Oct 9, 2018
ProTip!
Advisories are also available from the
GraphQL API