Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

84 advisories

Loading
Fastly Compute@Edge JS Runtime has fixed random number seed during compilation High
CVE-2022-39218 was published for @fastly/js-compute (npm) Sep 20, 2022
JakeChampion
Apache OpenOffice supports the storage of passwords for web connections in the user's... High Unreviewed
CVE-2022-37400 was published Aug 16, 2022
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1... High Unreviewed
CVE-2022-30629 was published Aug 11, 2022
In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation... High Unreviewed
CVE-2022-29808 was published Aug 3, 2022
LibreOffice supports the storage of passwords for web connections in the user’s configuration... High Unreviewed
CVE-2022-26306 was published Jul 26, 2022
LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0 High
CVE-2022-31157 was published for packbackbooks/lti-1-3-php-library (Composer) Jul 15, 2022
Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of... High Unreviewed
CVE-2022-32284 was published Jul 5, 2022
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params High
CVE-2022-31034 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
crenshaw-dev jgwest
AdamKorcz DavidKorczynski
ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values... High Unreviewed
CVE-2022-23138 was published Jun 10, 2022
Persistent platform private key may not be protected with a random IV leading to a potential “two... High Unreviewed
CVE-2021-26322 was published May 24, 2022
On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then... High Unreviewed
CVE-2021-22038 was published May 24, 2022
An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow... High Unreviewed
CVE-2021-26098 was published May 24, 2022
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password... High Unreviewed
CVE-2020-13860 was published May 24, 2022
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol... High Unreviewed
CVE-2020-27264 was published May 24, 2022
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon... High Unreviewed
CVE-2020-1472 was published May 24, 2022
airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector... High Unreviewed
CVE-2020-11877 was published May 24, 2022
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins High
CVE-2020-2099 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Use of Insufficiently Random Values in Apereo CAS High
CVE-2019-10754 was published for org.apereo.cas:cas-server-core-services-api (Maven) May 24, 2022
Magento 2 Community Edition Cryptographic Flaw High
CVE-2019-7886 was published for magento/community-edition (Composer) May 24, 2022
CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of... High Unreviewed
CVE-2019-6821 was published May 24, 2022
Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including... High Unreviewed
CVE-2019-11641 was published May 24, 2022
Insecure PRNG use in random_password_generator High
CVE-2019-25061 was published for random_password_generator (RubyGems) May 19, 2022
Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which... High Unreviewed
CVE-2016-5085 was published May 17, 2022
A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen... High Unreviewed
CVE-2017-7901 was published May 17, 2022
PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote... High Unreviewed
CVE-2017-10874 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database