Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

54 advisories

Loading
Use of Insufficiently Random Values in penggle:kaptcha Critical
CVE-2018-18531 was published for com.github.penggle:kaptcha (Maven) Oct 23, 2018
Use of Insufficiently Random Values in Railties Allows Remote Code Execution Critical
CVE-2019-5420 was published for railties (RubyGems) Mar 13, 2019
Predictable password in Keycloak Critical
CVE-2020-1731 was published for org.keycloak:keycloak-core (Maven) Apr 15, 2020
Incorrect check on buffer length in rand_core Critical
CVE-2021-27378 was published for rand_core (Rust) Aug 25, 2021
rillian
wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects... Critical Unreviewed
CVE-2022-23408 was published Jan 19, 2022
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass... Critical Unreviewed
CVE-2021-36294 was published Jan 27, 2022
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the... Critical Unreviewed
CVE-2021-20322 was published Feb 19, 2022
The Rambus SafeZone Basic Crypto Module, as used in certain Fujifilm (formerly Fuji Xerox)... Critical Unreviewed
CVE-2022-26320 was published Mar 15, 2022
Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state... Critical Unreviewed
CVE-2022-26851 was published Apr 9, 2022
The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the... Critical Unreviewed
CVE-2022-27577 was published Apr 12, 2022
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V,... Critical Unreviewed
CVE-2022-25752 was published Apr 13, 2022
Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness Critical Unreviewed
CVE-2013-4102 was published May 5, 2022
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs... Critical Unreviewed
CVE-2017-6026 was published May 13, 2022
An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric... Critical Unreviewed
CVE-2019-0729 was published May 13, 2022
Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm... Critical Unreviewed
CVE-2019-9863 was published May 13, 2022
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. Critical Unreviewed
CVE-2019-9898 was published May 13, 2022
The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary... Critical Unreviewed
CVE-2018-18602 was published May 13, 2022
The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well... Critical Unreviewed
CVE-2019-0007 was published May 13, 2022
NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that... Critical Unreviewed
CVE-2018-17888 was published May 13, 2022
A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen... Critical Unreviewed
CVE-2017-7902 was published May 13, 2022
Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10... Critical Unreviewed
CVE-2017-16924 was published May 13, 2022
An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies,... Critical Unreviewed
CVE-2018-16239 was published May 13, 2022
goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data ... Critical Unreviewed
CVE-2018-18375 was published May 13, 2022
Froxlor guessable password reset token Critical
CVE-2016-5100 was published for froxlor/froxlor (Composer) May 17, 2022
generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp... Critical Unreviewed
CVE-2014-6311 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database