GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 23,393
Composer 4,825
Erlang 36
GitHub Actions 32
Go 2,417
Maven 5,811
npm 4,054
NuGet 723
pip 3,845
Pub 12
RubyGems 933
Rust 1,005
Swift 38

Unreviewed advisories

All unreviewed 264,914

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

62 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when... High Unreviewed

CVE-2025-50122 was published Jul 11, 2025

Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for... High Unreviewed

CVE-2012-4687 was published May 17, 2022

A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon... Moderate Unreviewed

CVE-2017-6030 was published May 13, 2022

ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with... High Unreviewed

CVE-2017-0897 was published May 13, 2022

Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying... Moderate Unreviewed

CVE-2016-2564 was published May 13, 2022

Limited secret space in LLDP packets used in onos v2.7.0 allows attackers to obtain the private... High Unreviewed

CVE-2025-29311 was published Mar 24, 2025

The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they... Moderate Unreviewed

CVE-2024-9055 was published Mar 17, 2025

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure... Moderate Unreviewed

CVE-2024-22473 was published Feb 21, 2024

Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from... Critical Unreviewed

CVE-2024-3411 was published Apr 30, 2024

Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV... High Unreviewed

CVE-2024-53522 was published Jan 7, 2025

In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect... Moderate Unreviewed

CVE-2018-9426 was published Dec 3, 2024

Chilkat before v9.5.0.98, allows attackers to obtain sensitive information via predictable PRNG... Moderate Unreviewed

CVE-2024-26329 was published Apr 5, 2024

A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature... Moderate Unreviewed

CVE-2024-20331 was published Oct 23, 2024

Eufy HomeBase 2 model T8010X v3.2.8.3h was discovered to use the deprecated wireless protocol... High Unreviewed

CVE-2023-37822 was published Oct 3, 2024

The devices are vulnerable to session hijacking due to insufficient entropy in its session ID... Critical Unreviewed

CVE-2024-47945 was published Oct 15, 2024

SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction... High Unreviewed

CVE-2024-25407 was published Feb 13, 2024

An insufficient entropy vulnerability caused by the improper use of a randomness function with... Moderate Unreviewed

CVE-2024-38270 was published Sep 10, 2024

Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper... Critical Unreviewed

CVE-2023-4344 was published Aug 15, 2023

Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex... Critical Unreviewed

CVE-2024-25730 was published Feb 24, 2024

An issue was discovered in Samsung Mobile Processor, Automotive Processor, Wearable Processor,... Moderate Unreviewed

CVE-2023-49927 was published Jun 5, 2024

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An... Moderate Unreviewed

CVE-2022-27221 was published Jun 15, 2022

An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If... Moderate Unreviewed

CVE-2023-34973 was published Aug 24, 2023

Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated,... Moderate Unreviewed

CVE-2023-38357 was published Aug 1, 2023

?The affected TBox RTUs generate software security tokens using insufficient entropy. The random... Moderate Unreviewed

CVE-2023-36610 was published Jul 3, 2023

The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an... Critical Unreviewed

CVE-2023-3325 was published Jun 20, 2023

Previous 1 2 3 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

62 advisories