GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
249 advisories
Fat Free CRM has fixed token value
Moderate. CVE-2013-7222 was published for fat_free_crm (RubyGems) on May 17, 2022.

A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All...
Moderate, Unreviewed. CVE-2021-25677 was published on May 24, 2022.

miekg/dns insecurely generates random numbers
Moderate. CVE-2019-19794 was published for github.com/miekg/dns (Go) on May 18, 2021.

Cryptographically Weak PRNG in randomatic
Moderate. CVE-2017-16028 was published for randomatic (npm) on Oct 9, 2018.

OrientDB Server Community Edition uses insufficiently random values to generate session IDs
Moderate. CVE-2015-2913 was published for com.orientechnologies:orientdb-server (Maven) on Oct 18, 2018.

In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.
Moderate, Unreviewed. CVE-2022-1615 was published on Sep 2, 2022.

golang.org/x/crypto/salsa20/salsa uses insufficiently random values
Moderate. CVE-2019-11840 was published for golang.org/x/crypto (Go) on May 24, 2022.

An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface...
Moderate, Unreviewed. CVE-2020-17470 was published on May 24, 2022.

A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This...
Low, Unreviewed. CVE-2023-2418 was published on Apr 29, 2023.

A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster...
Low, Unreviewed. CVE-2023-3803 was published on Jul 21, 2023.

Magento LTS's guest order "protect code" can be brute-forced too easily
High. CVE-2023-41879 was published for openmage/magento-lts (Composer) on Sep 11, 2023.

Henschen & Associates court document management software does not sufficiently randomize file...
Moderate, Unreviewed. CVE-2023-6376 was published on Nov 30, 2023.

Inbound TCP Agent Protocol/3 authentication bypass in Jenkins
High. CVE-2020-2099 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 24, 2022.

reNgine through 0.5 relies on a predictable directory name.
Critical, Unreviewed. CVE-2021-38606 was published on May 24, 2022.

In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This...
Moderate, Unreviewed. CVE-2023-32831 was published on Jan 2, 2024.

Functions with insufficient randomness were used to generate authorization tokens of the...
High, Unreviewed. CVE-2023-26451 was published on Aug 2, 2023.

A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000...
High, Unreviewed. CVE-2023-20185 was published on Jul 12, 2023.

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC)...
Moderate, Unreviewed. CVE-2022-20941 was published on Nov 16, 2022.

Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session....
Moderate, Unreviewed. CVE-2024-23688 was published on Jan 20, 2024.

TYPO3 is vulnerable to Insecure randomness in uniqid function
Moderate. CVE-2010-3666 was published for typo3/cms-install (Composer) on Apr 21, 2022.

actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of...
High, Unreviewed. CVE-2008-0141 was published on May 1, 2022.

Magento 2 Community Edition Cryptographic Flaw
High. CVE-2019-7886 was published for magento/community-edition (Composer) on May 24, 2022.

Jetty Uses Predictable Session Identifiers
Moderate. CVE-2006-6969 was published for org.eclipse.jetty:jetty-server (Maven) on May 1, 2022.

The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
High, Unreviewed. CVE-2024-0761 was published on Feb 6, 2024.

The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2,...
High, Unreviewed. CVE-2008-3612 was published on May 2, 2022.