Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

27 advisories

Loading
Insecure random number generation in keypair High
CVE-2021-41117 was published for keypair (npm) Oct 11, 2021
vcsjones
A flaw in the previous versions of the product may allow an authenticated attacker the ability to... High Unreviewed
CVE-2021-42810 was published Jan 20, 2022
Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to... High Unreviewed
CVE-2021-34600 was published Jan 21, 2022
Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo... High Unreviewed
CVE-2016-3735 was published Jan 29, 2022
Cryptographic Issues in ECK High
CVE-2020-7010 was published for github.com/elastic/cloud-on-k8s (Go) Feb 15, 2022
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number... Critical Unreviewed
CVE-2022-26852 was published Apr 9, 2022
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0. Critical Unreviewed
CVE-2012-1577 was published Apr 23, 2022
In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang... Critical Unreviewed
CVE-2019-10908 was published May 13, 2022
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time... High Unreviewed
CVE-2016-10180 was published May 13, 2022
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG... Critical Unreviewed
CVE-2018-1426 was published May 13, 2022
passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin... Critical Unreviewed
CVE-2017-11519 was published May 13, 2022
The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows... High Unreviewed
CVE-2017-5214 was published May 13, 2022
An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of... High Unreviewed
CVE-2018-12520 was published May 13, 2022
Insecure PRNG use in random_password_generator High
CVE-2019-25061 was published for random_password_generator (RubyGems) May 19, 2022
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random... Moderate Unreviewed
CVE-2018-12384 was published May 24, 2022
Couchbase Server 5.1.1 generates insufficiently random numbers. The product hosts many network... Critical Unreviewed
CVE-2019-11495 was published May 24, 2022
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. High Unreviewed
CVE-2020-13784 was published May 24, 2022
An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in... Critical Unreviewed
CVE-2020-10256 was published May 24, 2022
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the... High Unreviewed
CVE-2020-11616 was published May 24, 2022
A predictable seed vulnerability exists in the password reset functionality of Epignosis... High Unreviewed
CVE-2020-28597 was published May 24, 2022
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could... High Unreviewed
CVE-2021-31922 was published May 24, 2022
Fastly Compute@Edge JS Runtime has fixed random number seed during compilation High
CVE-2022-39218 was published for @fastly/js-compute (npm) Sep 20, 2022
JakeChampion
Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric... Critical Unreviewed
CVE-2022-40267 was published Jan 20, 2023
Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number... Critical Unreviewed
CVE-2023-4472 was published Feb 2, 2024
An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the... Unknown Unreviewed
CVE-2024-27632 was published Apr 9, 2024
ProTip! Advisories are also available from the GraphQL API