Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

81 advisories

Loading
Rancher cattle-token is predictable High
CVE-2022-43755 was published for github.com/rancher/rancher (Go) Jan 25, 2023
A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from... Low Unreviewed
CVE-2021-22799 was published Jan 29, 2022
Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it... High Unreviewed
CVE-2014-0691 was published May 17, 2022
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local... Moderate Unreviewed
CVE-2017-2626 was published May 14, 2022
SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token... High Unreviewed
CVE-2018-10240 was published May 14, 2022
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide... Moderate Unreviewed
CVE-2018-8435 was published May 13, 2022
An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The... High Unreviewed
CVE-2017-13992 was published May 13, 2022
ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with... High Unreviewed
CVE-2017-0897 was published May 13, 2022
Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying... Moderate Unreviewed
CVE-2016-2564 was published May 13, 2022
Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK... Moderate Unreviewed
CVE-2019-9555 was published May 13, 2022
A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to... Moderate Unreviewed
CVE-2021-42138 was published Dec 21, 2021
Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone High
CVE-2020-28924 was published for github.com/rclone/rclone (Go) Jun 10, 2021
The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape... High Unreviewed
CVE-2014-8422 was published May 13, 2022
A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon... Moderate Unreviewed
CVE-2017-6030 was published May 13, 2022
Insufficient Entropy in DotNetNuke High
CVE-2018-15812 was published for DotNetNuke.Core (NuGet) Jul 5, 2019
Insufficient Entropy in DotNetNuke High
CVE-2018-18326 was published for DotNetNuke.Core (NuGet) Jul 5, 2019
websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation... Critical Unreviewed
CVE-2021-41615 was published Aug 9, 2022
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2)... Moderate Unreviewed
CVE-2008-1447 was published May 3, 2022
An insufficient entropy vulnerability caused by the improper use of randomness sources with low... Moderate Unreviewed
CVE-2022-34746 was published Sep 21, 2022
dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot... Moderate Unreviewed
CVE-2022-33989 was published Aug 16, 2022
The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the... High Unreviewed
CVE-2020-25926 was published May 24, 2022
A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all... Critical Unreviewed
CVE-2021-22727 was published May 24, 2022
Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce. Critical Unreviewed
CVE-2021-33027 was published May 24, 2022
A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit... Moderate Unreviewed
CVE-2021-3505 was published May 24, 2022
The authentication implementation on the xArm controller has very low entropy, making it... High Unreviewed
CVE-2020-10285 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database