GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
81 advisories
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide...
Moderate, Unreviewed: CVE-2018-8435 was published May 13, 2022

SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token...
High, Unreviewed: CVE-2018-10240 was published May 14, 2022

It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local...
Moderate, Unreviewed: CVE-2017-2626 was published May 14, 2022

Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it...
High, Unreviewed: CVE-2014-0691 was published May 17, 2022

A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from...
Low, Unreviewed: CVE-2021-22799 was published Jan 29, 2022

Rancher cattle-token is predictable
High: CVE-2022-43755 was published for github.com/rancher/rancher (Go), Jan 25, 2023

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys...
High, Unreviewed: CVE-2015-3405 was published May 13, 2022

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys...
Moderate, Unreviewed: CVE-2017-2625 was published May 13, 2022

QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local...
Moderate, Unreviewed: CVE-2016-2858 was published May 13, 2022

A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom...
High, Unreviewed: CVE-2023-20107 was published Mar 23, 2023

PHPServerMon PRNG has Insufficient Entropy
Moderate: CVE-2021-4241 was published for phpservermon/phpservermon (Composer), Nov 16, 2022

Insufficient Entropy in PHPServerMon PRNG
Moderate: CVE-2021-4240 was published for phpservermon/phpservermon (Composer), Nov 16, 2022

Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params
High: CVE-2022-31034 was published for github.com/argoproj/argo-cd (Go), Jun 21, 2022

Apache OpenOffice supports the storage of passwords for web connections in the user's...
High, Unreviewed: CVE-2022-37401 was published Aug 16, 2022

Pallets Werkzeug Insufficient Entropy
High: CVE-2019-14806 was published for werkzeug (pip), Aug 21, 2019

It's possible that an authenticated user guess other session IDs based on its own. Also it's...
Moderate, Unreviewed: CVE-2020-1773 was published May 24, 2022

jose4j uses weak cryptographic algorithm
High: CVE-2023-31582 was published for org.bitbucket.b_c:jose4j (Maven), Oct 25, 2023

Insufficient Entropy in cryptiles
Critical: CVE-2018-1000620 was published for cryptiles (npm), Sep 11, 2018

An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could...
High, Unreviewed: CVE-2023-31176 was published Nov 30, 2023

An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that...
High, Unreviewed: CVE-2023-46648 was published Dec 21, 2023

WWBN AVideo Insufficient Entropy vulnerability
Critical: CVE-2023-49599 was published for wwbn/avideo (Composer), Jan 10, 2024

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC)...
Moderate, Unreviewed: CVE-2022-20941 was published Nov 16, 2022

ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses...
High, Unreviewed: CVE-2001-0950 was published Apr 30, 2022

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit...
High, Unreviewed: CVE-2008-2108 was published May 1, 2022

Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass...
Critical, Unreviewed: CVE-2021-36320 was published Nov 21, 2021