GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,897
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
246 advisories
Filter by severity
In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation...
High
Unreviewed
CVE-2022-29808
was published
Aug 3, 2022
LibreOffice supports the storage of passwords for web connections in the user’s configuration...
High
Unreviewed
CVE-2022-26306
was published
Jul 26, 2022
otp-generator before v3.0.0 insecurely generates random one-time passwords
Critical
CVE-2021-23451
was published
for
otp-generator
(npm)
Jul 26, 2022
LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0
High
CVE-2022-31157
was published
for
packbackbooks/lti-1-3-php-library
(Composer)
Jul 15, 2022
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT ...
Critical
Unreviewed
CVE-2022-26647
was published
Jul 13, 2022
Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows attacker...
Moderate
Unreviewed
CVE-2022-33707
was published
Jul 13, 2022
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
...
Critical
Unreviewed
CVE-2020-35163
was published
Jul 12, 2022
The password reset token in CWP v0.9.8.1126 is generated using known or predictable values.
Moderate
Unreviewed
CVE-2022-25047
was published
Jul 8, 2022
Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of...
High
Unreviewed
CVE-2022-32284
was published
Jul 5, 2022
totd before 1.5.3 does not properly randomize mesg IDs.
Moderate
Unreviewed
CVE-2022-34295
was published
Jun 24, 2022
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params
High
CVE-2022-31034
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values...
High
Unreviewed
CVE-2022-23138
was published
Jun 10, 2022
Weak private key generation in SSH.NET
Moderate
CVE-2022-29245
was published
for
SSH.NET
(NuGet)
Jun 1, 2022
Persistent platform private key may not be protected with a random IV leading to a potential “two...
High
Unreviewed
CVE-2021-26322
was published
May 24, 2022
On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then...
High
Unreviewed
CVE-2021-22038
was published
May 24, 2022
A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All...
Moderate
Unreviewed
CVE-2021-37186
was published
May 24, 2022
Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are...
Critical
Unreviewed
CVE-2021-34646
was published
May 24, 2022
An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers ...
Critical
Unreviewed
CVE-2020-35685
was published
May 24, 2022
reNgine through 0.5 relies on a predictable directory name.
Critical
Unreviewed
CVE-2021-38606
was published
May 24, 2022
An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of...
Moderate
Unreviewed
CVE-2021-25444
was published
May 24, 2022
An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow...
High
Unreviewed
CVE-2021-26098
was published
May 24, 2022
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7...
Moderate
Unreviewed
CVE-2021-27499
was published
May 24, 2022
The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and...
Moderate
Unreviewed
CVE-2021-23020
was published
May 24, 2022
Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing...
Moderate
Unreviewed
CVE-2021-26909
was published
May 24, 2022
A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (versions...
Moderate
Unreviewed
CVE-2021-27393
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API