GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
189 advisories
Filter by severity
Incorrect Calculation and Use of Insufficiently Random Values in Python
Moderate
Unreviewed
CVE-2020-14422
was published
May 11, 2021
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user...
High
Unreviewed
CVE-2021-24998
was published
Dec 28, 2021
wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects...
Critical
Unreviewed
CVE-2022-23408
was published
Jan 19, 2022
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass...
Critical
Unreviewed
CVE-2021-36294
was published
Jan 27, 2022
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517,...
High
Unreviewed
CVE-2021-26726
was published
Feb 17, 2022
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the...
Critical
Unreviewed
CVE-2021-20322
was published
Feb 19, 2022
CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource,...
Moderate
Unreviewed
CVE-2022-22700
was published
Mar 4, 2022
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23...
Moderate
Unreviewed
CVE-2022-26317
was published
Mar 9, 2022
The Rambus SafeZone Basic Crypto Module, as used in certain Fujifilm (formerly Fuji Xerox)...
Critical
Unreviewed
CVE-2022-26320
was published
Mar 15, 2022
Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web...
High
Unreviewed
CVE-2021-46010
was published
Apr 1, 2022
randomUUID in Scala.js before 1.10.0 generates predictable values.
High
Unreviewed
CVE-2022-28355
was published
Apr 3, 2022
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS...
High
Unreviewed
CVE-2022-22517
was published
Apr 8, 2022
Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state...
Critical
Unreviewed
CVE-2022-26851
was published
Apr 9, 2022
The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the...
Critical
Unreviewed
CVE-2022-27577
was published
Apr 12, 2022
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't...
Moderate
Unreviewed
CVE-2022-29035
was published
Apr 12, 2022
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V,...
Critical
Unreviewed
CVE-2022-25752
was published
Apr 13, 2022
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses...
High
Unreviewed
CVE-2008-0087
was published
May 1, 2022
actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of...
High
Unreviewed
CVE-2008-0141
was published
May 1, 2022
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e...
Moderate
Unreviewed
CVE-2008-2020
was published
May 1, 2022
The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business...
High
Unreviewed
CVE-2008-2433
was published
May 1, 2022
The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2,...
High
Unreviewed
CVE-2008-3612
was published
May 2, 2022
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0...
Moderate
Unreviewed
CVE-2009-0255
was published
May 2, 2022
account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently...
High
Unreviewed
CVE-2009-2158
was published
May 2, 2022
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed...
Moderate
Unreviewed
CVE-2021-41993
was published
May 3, 2022
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed...
Moderate
Unreviewed
CVE-2021-41994
was published
May 3, 2022
ProTip!
Advisories are also available from the
GraphQL API