GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
25 advisories
Filter by severity
Insecure random string generator used for sensitive data
High
CVE-2023-46740
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
pyrad is vulnerable to the use of Insufficiently Random Values
High
CVE-2013-0294
was published
for
pyrad
(pip)
May 5, 2022
pyftpdlib Use of Insufficiently Random Values of port selection on PASV command
High
CVE-2007-6738
was published
for
pyftpdlib
(pip)
May 1, 2022
PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption
High
CVE-2023-48056
was published
for
pypinksign
(pip)
Nov 16, 2023
Lemur subject to insecure random generation
High
CVE-2023-30797
was published
for
lemur
(pip)
Mar 1, 2023
Duplicate Advisory: Lemur subject to insecure random generation
High
GHSA-r4xg-4wrv-w72h
was published
for
lemur
(pip)
Apr 19, 2023
•
withdrawn
Matrix Synapse Predictable Secret Key
High
CVE-2019-5885
was published
for
matrix-synapse
(pip)
May 13, 2022
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities
High
GHSA-xg9w-r469-m455
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
Magento 2 Community Edition Cryptographic Flaw
High
CVE-2019-7886
was published
for
magento/community-edition
(Composer)
May 24, 2022
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins
High
CVE-2020-2099
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Magento LTS's guest order "protect code" can be brute-forced too easily
High
CVE-2023-41879
was published
for
openmage/magento-lts
(Composer)
Sep 11, 2023
Aescrypt does not sufficiently use random values
High
CVE-2013-7463
was published
for
aescrypt
(RubyGems)
Oct 24, 2017
LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0
High
CVE-2022-31157
was published
for
packbackbooks/lti-1-3-php-library
(Composer)
Jul 15, 2022
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params
High
CVE-2022-31034
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
Use of Hard-coded Credentials in Apache Kylin
High
CVE-2021-45458
was published
for
org.apache.kylin:kylin
(Maven)
Jan 8, 2022
Improper file handling in concrete5/core
High
CVE-2021-22968
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Insecure PRNG use in random_password_generator
High
CVE-2019-25061
was published
for
random_password_generator
(RubyGems)
May 19, 2022
Rancher cattle-token is predictable
High
CVE-2022-43755
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
Predictable SIF UUID Identifiers in github.com/sylabs/sif
High
CVE-2021-29499
was published
for
github.com/sylabs/sif
(Go)
May 18, 2021
Use of Insufficiently Random Values in yiisoft/yii2-dev
High
CVE-2021-3689
was published
for
yiisoft/yii2-dev
(Composer)
Sep 1, 2021
Cryptographically weak CSRF tokens in Apache MyFaces
High
CVE-2021-26296
was published
for
org.apache.myfaces.core:myfaces-core-module
(Maven)
Jun 16, 2021
Insufficient Nonce Validation in Eclipse Milo Client
High
CVE-2019-19135
was published
for
org.eclipse.milo:sdk-client
(Maven)
Mar 16, 2020
Fastly Compute@Edge JS Runtime has fixed random number seed during compilation
High
CVE-2022-39218
was published
for
@fastly/js-compute
(npm)
Sep 20, 2022
Use of Insufficiently Random Values in Apereo CAS
High
CVE-2019-10754
was published
for
org.apereo.cas:cas-server-core-services-api
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API