Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,825
Erlang
36
GitHub Actions
32
Go
2,416
Maven
5,000+
npm
4,054
NuGet
723
pip
3,845
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+

92 advisories

Loading
CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic... High Unreviewed
CVE-2022-33756 was published Jun 17, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An... Moderate Unreviewed
CVE-2022-27221 was published Jun 15, 2022
Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness Critical Unreviewed
CVE-2013-2260 was published May 24, 2022
The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the... High Unreviewed
CVE-2020-25926 was published May 24, 2022
A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all... Critical Unreviewed
CVE-2021-22727 was published May 24, 2022
Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce. Critical Unreviewed
CVE-2021-33027 was published May 24, 2022
A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit... Moderate Unreviewed
CVE-2021-3505 was published May 24, 2022
The authentication implementation on the xArm controller has very low entropy, making it... High Unreviewed
CVE-2020-10285 was published May 24, 2022
The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before... High Unreviewed
CVE-2020-11957 was published May 24, 2022
It's possible that an authenticated user guess other session IDs based on its own. Also it's... Moderate Unreviewed
CVE-2020-1773 was published May 24, 2022
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library... Moderate Unreviewed
CVE-2019-10064 was published May 24, 2022
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1 and below for device not... Low Unreviewed
CVE-2019-15703 was published May 24, 2022
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple... High Unreviewed
CVE-2019-15847 was published May 24, 2022
Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for... High Unreviewed
CVE-2012-4687 was published May 17, 2022
Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it... High Unreviewed
CVE-2014-0691 was published May 17, 2022
SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token... High Unreviewed
CVE-2018-10240 was published May 14, 2022
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local... Moderate Unreviewed
CVE-2017-2626 was published May 14, 2022
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide... Moderate Unreviewed
CVE-2018-8435 was published May 13, 2022
ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with... High Unreviewed
CVE-2017-0897 was published May 13, 2022
An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The... High Unreviewed
CVE-2017-13992 was published May 13, 2022
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys... Moderate Unreviewed
CVE-2017-2625 was published May 13, 2022
Lemur uses static IV per key High
CVE-2015-7764 was published for lemur (pip) May 13, 2022
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys... High Unreviewed
CVE-2015-3405 was published May 13, 2022
Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying... Moderate Unreviewed
CVE-2016-2564 was published May 13, 2022
Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK... Moderate Unreviewed
CVE-2019-9555 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database