Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,411
Erlang
33
GitHub Actions
22
Go
2,146
Maven
5,000+
npm
3,808
NuGet
687
pip
3,481
Pub
12
RubyGems
897
Rust
899
Swift
38
Unreviewed advisories
All unreviewed
5,000+

253 advisories

Loading
Use of Insufficiently Random Values in github.com/greenpau/caddy-security Moderate
CVE-2024-21495 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Typo 5.1.3 and earlier uses a hard-coded salt for calculating password hashes, which makes it... Moderate Unreviewed
CVE-2008-4905 was published May 17, 2022
account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently... High Unreviewed
CVE-2009-2158 was published May 2, 2022
The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2,... High Unreviewed
CVE-2008-3612 was published May 2, 2022
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all... High Unreviewed
CVE-2024-0761 was published Feb 6, 2024
Jetty Uses Predictable Session Identifiers Moderate
CVE-2006-6969 was published for org.eclipse.jetty:jetty-server (Maven) May 1, 2022
Magento 2 Community Edition Cryptographic Flaw High
CVE-2019-7886 was published for magento/community-edition (Composer) May 24, 2022
actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of... High Unreviewed
CVE-2008-0141 was published May 1, 2022
TYPO3 is vulnerable to Insecure randomness in uniqid function Moderate
CVE-2010-3666 was published for typo3/cms-install (Composer) Apr 21, 2022
Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session.... Moderate Unreviewed
CVE-2024-23688 was published Jan 20, 2024
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC)... Moderate Unreviewed
CVE-2022-20941 was published Nov 16, 2022
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000... High Unreviewed
CVE-2023-20185 was published Jul 12, 2023
Functions with insufficient randomness were used to generate authorization tokens of the... High Unreviewed
CVE-2023-26451 was published Aug 2, 2023
In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This... Moderate Unreviewed
CVE-2023-32831 was published Jan 2, 2024
reNgine through 0.5 relies on a predictable directory name. Critical Unreviewed
CVE-2021-38606 was published May 24, 2022
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins High
CVE-2020-2099 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Henschen & Associates court document management software does not sufficiently randomize file... Moderate Unreviewed
CVE-2023-6376 was published Nov 30, 2023
Magento LTS's guest order "protect code" can be brute-forced too easily High
CVE-2023-41879 was published for openmage/magento-lts (Composer) Sep 11, 2023
theroch fballiano
colinmollenhour
A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster... Low Unreviewed
CVE-2023-3803 was published Jul 21, 2023
A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This... Low Unreviewed
CVE-2023-2418 was published Apr 29, 2023
An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface... Moderate Unreviewed
CVE-2020-17470 was published May 24, 2022
golang.org/x/crypto/salsa20/salsa uses insufficiently random values Moderate
CVE-2019-11840 was published for golang.org/x/crypto (Go) May 24, 2022
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. Moderate Unreviewed
CVE-2022-1615 was published Sep 2, 2022
OrientDB Server Community Edition uses insufficiently random values to generate session IDs Moderate
CVE-2015-2913 was published for com.orientechnologies:orientdb-server (Maven) Oct 18, 2018
Cryptographically Weak PRNG in randomatic Moderate
CVE-2017-16028 was published for randomatic (npm) Oct 9, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database