GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
69 advisories
Filter by severity
It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys,...
Moderate
Unreviewed
CVE-2008-3280
was published
Apr 21, 2022
PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart,...
Critical
Unreviewed
CVE-2011-4574
was published
Apr 22, 2022
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to...
High
Unreviewed
CVE-2022-20817
was published
Jun 16, 2022
OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token...
High
Unreviewed
CVE-2022-33738
was published
Jul 7, 2022
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number...
Moderate
Unreviewed
CVE-2022-41210
was published
Oct 12, 2022
An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config...
Moderate
Unreviewed
CVE-2019-15075
was published
May 24, 2022
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo...
Low
Unreviewed
CVE-2020-6616
was published
May 24, 2022
In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset...
Critical
Unreviewed
CVE-2020-28642
was published
May 24, 2022
An issue was discovered in Object First 1.0.7.712. The authorization service has a flow that...
Critical
Unreviewed
CVE-2022-44796
was published
Nov 7, 2022
BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate...
Moderate
Unreviewed
CVE-2021-29245
was published
May 24, 2022
Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel(R)...
Moderate
Unreviewed
CVE-2021-0131
was published
May 24, 2022
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.
High
Unreviewed
CVE-2021-37553
was published
May 24, 2022
A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to...
Low
Unreviewed
CVE-2021-3047
was published
May 24, 2022
profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can...
High
Unreviewed
CVE-2022-40769
was published
Sep 19, 2022
D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random...
Moderate
Unreviewed
CVE-2022-42159
was published
Oct 14, 2022
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not...
High
Unreviewed
CVE-2017-5493
was published
May 13, 2022
Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3...
High
Unreviewed
CVE-2017-8081
was published
May 13, 2022
In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650,...
High
Unreviewed
CVE-2018-11291
was published
May 13, 2022
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU...
High
Unreviewed
CVE-2018-11290
was published
May 13, 2022
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU...
Moderate
Unreviewed
CVE-2018-5871
was published
May 13, 2022
In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650,...
High
Unreviewed
CVE-2018-5837
was published
May 13, 2022
The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum...
High
Unreviewed
CVE-2018-15552
was published
May 13, 2022
The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling...
High
Unreviewed
CVE-2018-12056
was published
May 14, 2022
The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum...
High
Unreviewed
CVE-2018-17071
was published
May 14, 2022
The random() function of the smart contract implementation for CryptoSaga, an Ethereum game,...
High
Unreviewed
CVE-2018-12975
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API