GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
79 advisories
Filter by severity
In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation...
High
Unreviewed
CVE-2022-29808
was published
Aug 3, 2022
LibreOffice supports the storage of passwords for web connections in the user’s configuration...
High
Unreviewed
CVE-2022-26306
was published
Jul 26, 2022
LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0
High
CVE-2022-31157
was published
for
packbackbooks/lti-1-3-php-library
(Composer)
Jul 15, 2022
Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of...
High
Unreviewed
CVE-2022-32284
was published
Jul 5, 2022
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params
High
CVE-2022-31034
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values...
High
Unreviewed
CVE-2022-23138
was published
Jun 10, 2022
Persistent platform private key may not be protected with a random IV leading to a potential “two...
High
Unreviewed
CVE-2021-26322
was published
May 24, 2022
On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then...
High
Unreviewed
CVE-2021-22038
was published
May 24, 2022
An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow...
High
Unreviewed
CVE-2021-26098
was published
May 24, 2022
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password...
High
Unreviewed
CVE-2020-13860
was published
May 24, 2022
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol...
High
Unreviewed
CVE-2020-27264
was published
May 24, 2022
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon...
High
Unreviewed
CVE-2020-1472
was published
May 24, 2022
airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector...
High
Unreviewed
CVE-2020-11877
was published
May 24, 2022
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins
High
CVE-2020-2099
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Use of Insufficiently Random Values in Apereo CAS
High
CVE-2019-10754
was published
for
org.apereo.cas:cas-server-core-services-api
(Maven)
May 24, 2022
Magento 2 Community Edition Cryptographic Flaw
High
CVE-2019-7886
was published
for
magento/community-edition
(Composer)
May 24, 2022
CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of...
High
Unreviewed
CVE-2019-6821
was published
May 24, 2022
Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including...
High
Unreviewed
CVE-2019-11641
was published
May 24, 2022
Insecure PRNG use in random_password_generator
High
CVE-2019-25061
was published
for
random_password_generator
(RubyGems)
May 19, 2022
Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which...
High
Unreviewed
CVE-2016-5085
was published
May 17, 2022
A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen...
High
Unreviewed
CVE-2017-7901
was published
May 17, 2022
PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote...
High
Unreviewed
CVE-2017-10874
was published
May 17, 2022
Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide...
High
Unreviewed
CVE-2022-30782
was published
May 17, 2022
The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum...
High
Unreviewed
CVE-2018-17987
was published
May 14, 2022
In random_get_bytes of random.c, there is a possible degradation of randomness due to an insecure...
High
Unreviewed
CVE-2019-1997
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API