Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

58 advisories

Loading
Use of Insufficiently Random Values in penggle:kaptcha Critical
CVE-2018-18531 was published for com.github.penggle:kaptcha (Maven) Oct 23, 2018
Insecure randomness in socket.io High
CVE-2017-16031 was published for socket.io (npm) Nov 7, 2018
Improper random number generation in github.com/coredns/coredns Moderate
GHSA-gv9j-4w24-q7vx was published for github.com/coredns/coredns (Go) Mar 1, 2022
Predictable CSRF tokens in centreon/centreon Moderate
CVE-2021-28055 was published for centreon/centreon (Composer) Jun 8, 2021
Weak private key generation in SSH.NET Moderate
CVE-2022-29245 was published for SSH.NET (NuGet) Jun 1, 2022
yaumn-synacktiv
otp-generator before v3.0.0 insecurely generates random one-time passwords Critical
CVE-2021-23451 was published for otp-generator (npm) Jul 26, 2022
Spring Security uses insufficiently random values Moderate
CVE-2019-3795 was published for org.springframework.security:spring-security-core (Maven) Apr 16, 2019
Use of unclaimed s3 bucket in tests and examples Moderate
CVE-2022-36022 was published for org.deeplearning4j:dl4j-examples (Maven) Nov 10, 2022
draco1725
Ratpack's default client side session signing key is highly predictable Moderate
CVE-2021-29480 was published for io.ratpack:ratpack-session (Maven) Jul 1, 2021
JLLeitschuh
Cryptographically weak PRNG in `utils.generateUUID` Critical
CVE-2022-36045 was published for nodebb (npm) Aug 30, 2022
HakuPiku
Use of Insufficiently Random Values in Apereo CAS High
CVE-2019-10754 was published for org.apereo.cas:cas-server-core-services-api (Maven) May 24, 2022
Fastly Compute@Edge JS Runtime has fixed random number seed during compilation High
CVE-2022-39218 was published for @fastly/js-compute (npm) Sep 20, 2022
JakeChampion
DNS NuGet package uses insufficiently random values Critical
CVE-2021-4248 was published for DNS (NuGet) Dec 18, 2022
Predictable password in Keycloak Critical
CVE-2020-1731 was published for org.keycloak:keycloak-core (Maven) Apr 15, 2020
Insufficient Nonce Validation in Eclipse Milo Client High
CVE-2019-19135 was published for org.eclipse.milo:sdk-client (Maven) Mar 16, 2020
Insufficient Entropy in Spring Security Moderate
CVE-2020-5408 was published for org.springframework.security:spring-security-core (Maven) Jun 15, 2020
Weak JSON Web Token in yapi-vendor Moderate
CVE-2021-27884 was published for yapi-vendor (npm) Mar 26, 2021
Cryptographically weak CSRF tokens in Apache MyFaces High
CVE-2021-26296 was published for org.apache.myfaces.core:myfaces-core-module (Maven) Jun 16, 2021
Use of Cryptographically Weak Pseudo-Random Number Generator in yiisoft/yii2-dev Moderate
CVE-2021-3692 was published for yiisoft/yii2-dev (Composer) Sep 1, 2021
Use of Insufficiently Random Values in yiisoft/yii2-dev High
CVE-2021-3689 was published for yiisoft/yii2-dev (Composer) Sep 1, 2021
Predictable SIF UUID Identifiers in github.com/sylabs/sif High
CVE-2021-29499 was published for github.com/sylabs/sif (Go) May 18, 2021
Rancher cattle-token is predictable High
CVE-2022-43755 was published for github.com/rancher/rancher (Go) Jan 25, 2023
Lemur subject to insecure random generation Low
GHSA-5fqv-mpj8-h7gm was published for lemur (pip) Mar 1, 2023
kjsman
Insecure PRNG use in random_password_generator High
CVE-2019-25061 was published for random_password_generator (RubyGems) May 19, 2022
Incorrect check on buffer length in rand_core Critical
CVE-2021-27378 was published for rand_core (Rust) Aug 25, 2021
rillian
ProTip! Advisories are also available from the GraphQL API