GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
248 advisories
Filter by severity
The token generator in index.php in Centreon Web before 2.8.27 is predictable.
Moderate
Unreviewed
CVE-2019-17105
was published
May 24, 2022
Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap...
Critical
Unreviewed
CVE-2019-2294
was published
May 24, 2022
Use of Insufficiently Random Values in Apereo CAS
High
CVE-2019-10754
was published
for
org.apereo.cas:cas-server-core-services-api
(Maven)
May 24, 2022
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include...
Moderate
Unreviewed
CVE-2019-1549
was published
May 24, 2022
Magento 2 Community Edition Cryptographic Flaw
High
CVE-2019-7886
was published
for
magento/community-edition
(Composer)
May 24, 2022
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while...
Moderate
Unreviewed
CVE-2019-12821
was published
May 24, 2022
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap...
Moderate
Unreviewed
CVE-2019-1010025
was published
May 24, 2022
Prima Systems FlexAir devices allow unauthenticated download of the database configuration backup...
Critical
Unreviewed
CVE-2019-7667
was published
May 24, 2022
The doAirdrop function of a smart contract implementation for Primeo (PEO), an Ethereum token,...
Moderate
Unreviewed
CVE-2018-18425
was published
May 24, 2022
CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of...
High
Unreviewed
CVE-2019-6821
was published
May 24, 2022
golang.org/x/crypto/salsa20/salsa uses insufficiently random values
Moderate
CVE-2019-11840
was published
for
golang.org/x/crypto
(Go)
May 24, 2022
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which...
Moderate
Unreviewed
CVE-2019-11690
was published
May 24, 2022
Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including...
High
Unreviewed
CVE-2019-11641
was published
May 24, 2022
Insecure PRNG use in random_password_generator
High
CVE-2019-25061
was published
for
random_password_generator
(RubyGems)
May 19, 2022
generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp...
Critical
Unreviewed
CVE-2014-6311
was published
May 17, 2022
The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy...
Moderate
Unreviewed
CVE-2008-5162
was published
May 17, 2022
Typo 5.1.3 and earlier uses a hard-coded salt for calculating password hashes, which makes it...
Moderate
Unreviewed
CVE-2008-4905
was published
May 17, 2022
MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded...
Moderate
Unreviewed
CVE-2008-4929
was published
May 17, 2022
Fat Free CRM has fixed token value
Moderate
CVE-2013-7222
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces
Moderate
CVE-2013-4347
was published
for
oauth2
(pip)
May 17, 2022
Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which...
High
Unreviewed
CVE-2016-5085
was published
May 17, 2022
Froxlor guessable password reset token
Critical
CVE-2016-5100
was published
for
froxlor/froxlor
(Composer)
May 17, 2022
In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random...
Moderate
Unreviewed
CVE-2015-9019
was published
May 17, 2022
A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen...
High
Unreviewed
CVE-2017-7901
was published
May 17, 2022
PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote...
High
Unreviewed
CVE-2017-10874
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API