Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,815
Erlang
36
GitHub Actions
32
Go
2,401
Maven
5,000+
npm
4,045
NuGet
723
pip
3,842
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+

131 advisories

Loading
Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The... Moderate Unreviewed
CVE-2025-40924 was published Jul 17, 2025
Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce... Moderate Unreviewed
CVE-2025-40919 was published Jul 16, 2025
Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce... Moderate Unreviewed
CVE-2025-40918 was published Jul 16, 2025
Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The... High Unreviewed
CVE-2025-40923 was published Jul 16, 2025
Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation Critical
CVE-2024-29868 was published for org.apache.streampipes:streampipes-resource-management (Maven) Jun 24, 2024
oscerd
An issue was discovered in Object First 1.0.7.712. The authorization service has a flow that... Critical Unreviewed
CVE-2022-44796 was published Nov 7, 2022
Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for... Critical Unreviewed
CVE-2025-40916 was published Jun 16, 2025
Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default... Moderate Unreviewed
CVE-2025-2814 was published Apr 13, 2025
Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF... High Unreviewed
CVE-2025-40915 was published Jun 11, 2025
Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content Low
CVE-2025-46653 was published for formidable (npm) Apr 26, 2025
qwilr-altonius diego-santacruz
The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient... High Unreviewed
CVE-2024-7315 was published Oct 2, 2024
D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random... Moderate Unreviewed
CVE-2022-42159 was published Oct 14, 2022
Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy... High Unreviewed
CVE-2025-1860 was published Mar 28, 2025
Mojolicious versions from 7.28 through 9.39 for Perl may generate weak HMAC session secrets. ... Moderate Unreviewed
CVE-2024-58135 was published May 3, 2025
An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs... High Unreviewed
CVE-2017-17845 was published May 14, 2022
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time... High Unreviewed
CVE-2016-10180 was published May 13, 2022
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not... High Unreviewed
CVE-2017-5493 was published May 13, 2022
Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs ... Critical Unreviewed
CVE-2025-3495 was published Apr 16, 2025
Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy,... Moderate Unreviewed
CVE-2024-56370 was published Apr 5, 2025
In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image... Critical Unreviewed
CVE-2025-32754 was published Apr 10, 2025
In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation... Critical Unreviewed
CVE-2025-32755 was published Apr 10, 2025
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces... High Unreviewed
CVE-2009-3238 was published May 2, 2022
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random... High Unreviewed
CVE-2008-0166 was published May 1, 2022
The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong... Moderate Unreviewed
CVE-2024-56830 was published Jan 2, 2025
WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of... Moderate Unreviewed
CVE-2024-52322 was published Apr 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database