Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,825
Erlang
36
GitHub Actions
32
Go
2,417
Maven
5,000+
npm
4,054
NuGet
723
pip
3,845
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+

92 advisories

Loading
TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure... Moderate Unreviewed
CVE-2024-22473 was published Feb 21, 2024
SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction... High Unreviewed
CVE-2024-25407 was published Feb 13, 2024
WWBN AVideo Insufficient Entropy vulnerbaility Critical
CVE-2023-49599 was published for wwbn/avideo (Composer) Jan 10, 2024
An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that... High Unreviewed
CVE-2023-46648 was published Dec 21, 2023
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could... High Unreviewed
CVE-2023-31176 was published Nov 30, 2023
jose4j uses weak cryptographic algorithm High
CVE-2023-31582 was published for org.bitbucket.b_c:jose4j (Maven) Oct 25, 2023
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If... Moderate Unreviewed
CVE-2023-34973 was published Aug 24, 2023
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper... Critical Unreviewed
CVE-2023-4344 was published Aug 15, 2023
Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated,... Moderate Unreviewed
CVE-2023-38357 was published Aug 1, 2023
?The affected TBox RTUs generate software security tokens using insufficient entropy. The random... Moderate Unreviewed
CVE-2023-36610 was published Jul 3, 2023
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an... Critical Unreviewed
CVE-2023-3325 was published Jun 20, 2023
crypto-js uses insecure random numbers Moderate
CVE-2020-36732 was published for crypto-js (npm) Jun 12, 2023
A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom... High Unreviewed
CVE-2023-20107 was published Mar 23, 2023
Rancher cattle-token is predictable High
CVE-2022-43755 was published for github.com/rancher/rancher (Go) Jan 25, 2023
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected Critical
CVE-2021-4238 was published for github.com/Masterminds/goutils (Go) Dec 28, 2022
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC)... Moderate Unreviewed
CVE-2022-20941 was published Nov 16, 2022
Insufficient Entropy in PHPServerMon PRNG Moderate
CVE-2021-4240 was published for phpservermon/phpservermon (Composer) Nov 16, 2022
PHPServerMon PRNG has Insufficient Entropy Moderate
CVE-2021-4241 was published for phpservermon/phpservermon (Composer) Nov 16, 2022
An insufficient entropy vulnerability caused by the improper use of randomness sources with low... Moderate Unreviewed
CVE-2022-34746 was published Sep 21, 2022
Apache OpenOffice supports the storage of passwords for web connections in the user's... High Unreviewed
CVE-2022-37401 was published Aug 16, 2022
dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot... Moderate Unreviewed
CVE-2022-33989 was published Aug 16, 2022
websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation... Critical Unreviewed
CVE-2021-41615 was published Aug 9, 2022
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, ... High Unreviewed
CVE-2020-29505 was published Jul 12, 2022
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params High
CVE-2022-31034 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
crenshaw-dev jgwest
AdamKorcz DavidKorczynski
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database