Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,065
Maven
5,000+
npm
3,744
NuGet
668
pip
3,427
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
Guzzle OAuth Subscriber has insufficient nonce entropy Moderate
CVE-2025-21617 was published for guzzlehttp/oauth-subscriber (Composer) Jan 6, 2025
psyker156
The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong... Moderate Unreviewed
CVE-2024-56830 was published Jan 2, 2025
The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a... Moderate Unreviewed
CVE-2002-20002 was published Jan 2, 2025
Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the... Moderate Unreviewed
CVE-2024-53702 was published Dec 5, 2024
tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand... Moderate Unreviewed
CVE-2024-45751 was published Sep 6, 2024
stormpath/sdk uses Insecure Random Number Generator Moderate
GHSA-q8fc-v85f-78pw was published for stormpath/sdk (Composer) May 29, 2024
Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative... Moderate Unreviewed
CVE-2024-5264 was published May 23, 2024
An HTTP digest authentication nonce value was generated using `rand()` which could lead to... Moderate Unreviewed
CVE-2024-4772 was published May 14, 2024
An issue ingalxe.com Galxe platform 1.0 allows a remote attacker to obtain sensitive information... Moderate Unreviewed
CVE-2023-50059 was published Apr 30, 2024
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This ... Moderate Unreviewed
CVE-2023-45237 was published Jan 16, 2024
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This ... Moderate Unreviewed
CVE-2023-45236 was published Jan 16, 2024
An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle.... Moderate Unreviewed
CVE-2023-34363 was published Jun 9, 2023
Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183,... Moderate Unreviewed
CVE-2023-31290 was published Apr 27, 2023
D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random... Moderate Unreviewed
CVE-2022-42159 was published Oct 14, 2022
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number... Moderate Unreviewed
CVE-2022-41210 was published Oct 12, 2022
Weak private key generation in SSH.NET Moderate
CVE-2022-29245 was published for SSH.NET (NuGet) Jun 1, 2022
yaumn-synacktiv
Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel(R)... Moderate Unreviewed
CVE-2021-0131 was published May 24, 2022
BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate... Moderate Unreviewed
CVE-2021-29245 was published May 24, 2022
An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config... Moderate Unreviewed
CVE-2019-15075 was published May 24, 2022
Magento 2 Community Weak PRNG Moderate
CVE-2019-8113 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Cryptographic Flaw Moderate
CVE-2019-7855 was published for magento/community-edition (Composer) May 24, 2022
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler... Moderate Unreviewed
CVE-2017-11671 was published May 14, 2022
Apache Syncope uses a weak PNRG Moderate
CVE-2014-3503 was published for org.apache.syncope:syncope (Maven) May 14, 2022
The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game,... Moderate Unreviewed
CVE-2018-12885 was published May 14, 2022
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU... Moderate Unreviewed
CVE-2018-5871 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database