Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

104 advisories

Loading
Typo 5.1.3 and earlier uses a hard-coded salt for calculating password hashes, which makes it... Moderate Unreviewed
CVE-2008-4905 was published May 17, 2022
Use of Insufficiently Random Values in github.com/greenpau/caddy-security Moderate
CVE-2024-21495 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e... Moderate Unreviewed
CVE-2008-2020 was published May 1, 2022
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0... Moderate Unreviewed
CVE-2009-0255 was published May 2, 2022
MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded... Moderate Unreviewed
CVE-2008-4929 was published May 17, 2022
The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy... Moderate Unreviewed
CVE-2008-5162 was published May 17, 2022
React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might... Moderate Unreviewed
CVE-2020-12270 was published May 24, 2022
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap... Moderate Unreviewed
CVE-2019-1010025 was published May 24, 2022
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which... Moderate Unreviewed
CVE-2019-11690 was published May 24, 2022
The doAirdrop function of a smart contract implementation for Primeo (PEO), an Ethereum token,... Moderate Unreviewed
CVE-2018-18425 was published May 24, 2022
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while... Moderate Unreviewed
CVE-2019-12821 was published May 24, 2022
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include... Moderate Unreviewed
CVE-2019-1549 was published May 24, 2022
The token generator in index.php in Centreon Web before 2.8.27 is predictable. Moderate Unreviewed
CVE-2019-17105 was published May 24, 2022
An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of... Moderate Unreviewed
CVE-2018-19441 was published May 24, 2022
Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow... Moderate Unreviewed
CVE-2022-43485 was published Jul 6, 2023
Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R... Moderate Unreviewed
CVE-2023-24478 was published Aug 15, 2023
Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S,... Moderate Unreviewed
CVE-2022-26080 was published Jul 6, 2023
The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up... Moderate Unreviewed
CVE-2024-5149 was published Jun 5, 2024
Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow... Moderate Unreviewed
CVE-2024-42165 was published Aug 12, 2024
A vulnerability, which was classified as problematic, was found in projectsend up to r1605.... Moderate Unreviewed
CVE-2024-7659 was published Aug 12, 2024
Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection... Moderate Unreviewed
CVE-2024-6348 was published Aug 19, 2024
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow... Moderate Unreviewed
CVE-2024-42164 was published Aug 12, 2024
Insufficiently random values in Ansible Moderate
CVE-2020-10729 was published for ansible (pip) Jun 15, 2021
TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure... Moderate Unreviewed
CVE-2024-22473 was published Feb 21, 2024
SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces Moderate
CVE-2013-4347 was published for oauth2 (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database