Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,299
Erlang
31
GitHub Actions
21
Go
2,064
Maven
5,000+
npm
3,744
NuGet
668
pip
3,424
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
Guzzle OAuth Subscriber has insufficient nonce entropy Moderate
CVE-2025-21617 was published for guzzlehttp/oauth-subscriber (Composer) Jan 6, 2025
psyker156
The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a... Moderate Unreviewed
CVE-2002-20002 was published Jan 2, 2025
The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong... Moderate Unreviewed
CVE-2024-56830 was published Jan 2, 2025
Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the... Moderate Unreviewed
CVE-2024-53702 was published Dec 5, 2024
tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand... Moderate Unreviewed
CVE-2024-45751 was published Sep 6, 2024
An HTTP digest authentication nonce value was generated using `rand()` which could lead to... Moderate Unreviewed
CVE-2024-4772 was published May 14, 2024
An issue ingalxe.com Galxe platform 1.0 allows a remote attacker to obtain sensitive information... Moderate Unreviewed
CVE-2023-50059 was published Apr 30, 2024
stormpath/sdk uses Insecure Random Number Generator Moderate
GHSA-q8fc-v85f-78pw was published for stormpath/sdk (Composer) May 29, 2024
Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative... Moderate Unreviewed
CVE-2024-5264 was published May 23, 2024
An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle.... Moderate Unreviewed
CVE-2023-34363 was published Jun 9, 2023
Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183,... Moderate Unreviewed
CVE-2023-31290 was published Apr 27, 2023
A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to... Moderate Unreviewed
CVE-2012-6124 was published Apr 23, 2022
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This ... Moderate Unreviewed
CVE-2023-45236 was published Jan 16, 2024
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This ... Moderate Unreviewed
CVE-2023-45237 was published Jan 16, 2024
The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the... Moderate Unreviewed
CVE-2009-3278 was published May 2, 2022
Magento 2 Community Cryptographic Flaw Moderate
CVE-2019-7855 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Weak PRNG Moderate
CVE-2019-8113 was published for magento/community-edition (Composer) May 24, 2022
Cryptographically Weak PRNG in randomatic Moderate
CVE-2017-16028 was published for randomatic (npm) Oct 9, 2018
miekg/dns insecurely generates random numbers Moderate
CVE-2019-19794 was published for github.com/miekg/dns (Go) May 18, 2021
Apache Syncope uses a weak PNRG Moderate
CVE-2014-3503 was published for org.apache.syncope:syncope (Maven) May 14, 2022
Improper random number generation in nanorand Moderate
CVE-2020-35926 was published for nanorand (Rust) Aug 25, 2021
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler... Moderate Unreviewed
CVE-2017-11671 was published May 14, 2022
The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game,... Moderate Unreviewed
CVE-2018-12885 was published May 14, 2022
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU... Moderate Unreviewed
CVE-2018-5871 was published May 13, 2022
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Moderate
CVE-2021-3990 was published for showdoc/showdoc (Composer) Dec 3, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database