GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
249 advisories
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT ...
Critical · Unreviewed · CVE-2022-26647 was published Jul 13, 2022

The password reset token in CWP v0.9.8.1126 is generated using known or predictable values.
Moderate · Unreviewed · CVE-2022-25047 was published Jul 8, 2022

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, ...
Critical · Unreviewed · CVE-2020-35163 was published Jul 12, 2022

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random...
Moderate · Unreviewed · CVE-2015-9019 was published May 17, 2022

otp-generator before v3.0.0 insecurely generates random one-time passwords
Critical · CVE-2021-23451 was published for otp-generator (npm) Jul 26, 2022

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1...
High · Unreviewed · CVE-2022-30629 was published Aug 11, 2022

Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which...
High · Unreviewed · CVE-2016-5085 was published May 17, 2022

Spring Security uses insufficiently random values
Moderate · CVE-2019-3795 was published for org.springframework.security:spring-security-core (Maven) Apr 16, 2019

A vulnerability, which was classified as problematic, has been found in fredsmith utils. This...
Moderate · Unreviewed · CVE-2021-4277 was published Dec 25, 2022

Use of unclaimed s3 bucket in tests and examples
Moderate · CVE-2022-36022 was published for org.deeplearning4j:dl4j-examples (Maven) Nov 10, 2022

A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1....
Moderate · Unreviewed · CVE-2022-3959 was published Nov 11, 2022

CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of...
High · Unreviewed · CVE-2019-6821 was published May 24, 2022

ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used...
Moderate · Unreviewed · CVE-2022-38970 was published Sep 27, 2022

The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device...
Moderate · Unreviewed · CVE-2019-18282 was published May 24, 2022

The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in...
Moderate · Unreviewed · CVE-2020-7241 was published May 24, 2022

cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier...
Low · Unreviewed · CVE-2020-8631 was published May 24, 2022

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2...
Moderate · Unreviewed · CVE-2020-1759 was published May 24, 2022

Ratpack's default client side session signing key is highly predictable
Moderate · CVE-2021-29480 was published for io.ratpack:ratpack-session (Maven) Jul 1, 2021

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of...
Moderate · Unreviewed · CVE-2020-13817 was published May 24, 2022

The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the...
Moderate · Unreviewed · CVE-2020-10274 was published May 24, 2022

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain...
Moderate · Unreviewed · CVE-2020-16166 was published May 24, 2022

A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that...
Critical · Unreviewed · CVE-2020-25705 was published May 24, 2022

An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict...
Critical · Unreviewed · CVE-2022-30935 was published Sep 29, 2022

A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and...
Critical · Unreviewed · CVE-2020-7548 was published May 24, 2022

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password...
High · Unreviewed · CVE-2020-13860 was published May 24, 2022