Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

104 advisories

Loading
In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32... Critical Unreviewed
CVE-2025-22376 was published Jan 4, 2025
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN... Critical Unreviewed
CVE-2024-40762 was published Jan 9, 2025
Guzzle OAuth Subscriber has insufficient nonce entropy Moderate
CVE-2025-21617 was published for guzzlehttp/oauth-subscriber (Composer) Jan 6, 2025
psyker156
The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a... Moderate Unreviewed
CVE-2002-20002 was published Jan 2, 2025
The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong... Moderate Unreviewed
CVE-2024-56830 was published Jan 2, 2025
The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand()... High Unreviewed
CVE-2018-25107 was published Dec 29, 2024
Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the... Moderate Unreviewed
CVE-2024-53702 was published Dec 5, 2024
tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand... Moderate Unreviewed
CVE-2024-45751 was published Sep 6, 2024
An HTTP digest authentication nonce value was generated using `rand()` which could lead to... Moderate Unreviewed
CVE-2024-4772 was published May 14, 2024
Withdrawn Advisory: go-mysql affected by go.uuid's Predictable UUID Identifiers Critical
GHSA-rc7v-65v6-m2v3 was published for github.com/go-mysql-org/go-mysql (Go) Oct 28, 2024 withdrawn
Fidget-Grep
Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware)... Low Unreviewed
CVE-2023-31305 was published Aug 13, 2024
An issue ingalxe.com Galxe platform 1.0 allows a remote attacker to obtain sensitive information... Moderate Unreviewed
CVE-2023-50059 was published Apr 30, 2024
Passeo uses insecure random number generator High
CVE-2022-23472 was published for Passeo (pip) Dec 6, 2022
Bluenix2 ArjunSharda
The goTenna Pro series does not use SecureRandom when generating its cryptographic keys. The... High Unreviewed
CVE-2024-47126 was published Sep 26, 2024
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG High
CVE-2019-11842 was published for matrix-sydent (pip) May 24, 2022
westonsteimel
The goTenna Pro ATAK Plugin does not use SecureRandom when generating its cryptographic keys.... High Unreviewed
CVE-2024-45723 was published Sep 26, 2024
go.uuid has Predictable UUID Identifiers Critical
CVE-2021-3538 was published for github.com/satori/go.uuid (Go) Feb 7, 2023
Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to... High Unreviewed
CVE-2021-34600 was published Jan 21, 2022
Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation Critical
CVE-2024-29868 was published for org.apache.streampipes:streampipes-resource-management (Maven) Jun 24, 2024
oscerd
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time... High Unreviewed
CVE-2016-10180 was published May 13, 2022
Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography. High Unreviewed
CVE-2024-34538 was published May 6, 2024
RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed ... High Unreviewed
CVE-2024-25389 was published Mar 27, 2024
stormpath/sdk uses Insecure Random Number Generator Moderate
GHSA-q8fc-v85f-78pw was published for stormpath/sdk (Composer) May 29, 2024
Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative... Moderate Unreviewed
CVE-2024-5264 was published May 23, 2024
An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate... High Unreviewed
CVE-2023-27791 was published Oct 19, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database