Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

246 advisories

Loading
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e... Moderate Unreviewed
CVE-2008-2020 was published May 1, 2022
actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of... High Unreviewed
CVE-2008-0141 was published May 1, 2022
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses... High Unreviewed
CVE-2008-0087 was published May 1, 2022
pyftpdlib Use of Insufficiently Random Values of port selection on PASV command Moderate
CVE-2007-6738 was published for pyftpdlib (pip) May 1, 2022
Jetty Uses Predictable Session Identifiers Moderate
CVE-2006-6969 was published for org.eclipse.jetty:jetty-server (Maven) May 1, 2022
TYPO3 is vulnerable to Insecure randomness in uniqid function Moderate
CVE-2010-3666 was published for typo3/cms-install (Composer) Apr 21, 2022
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V,... Critical Unreviewed
CVE-2022-25752 was published Apr 13, 2022
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't... Moderate Unreviewed
CVE-2022-29035 was published Apr 12, 2022
The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the... Critical Unreviewed
CVE-2022-27577 was published Apr 12, 2022
Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state... Critical Unreviewed
CVE-2022-26851 was published Apr 9, 2022
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS... High Unreviewed
CVE-2022-22517 was published Apr 8, 2022
randomUUID in Scala.js before 1.10.0 generates predictable values. High Unreviewed
CVE-2022-28355 was published Apr 3, 2022
Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web... High Unreviewed
CVE-2021-46010 was published Apr 1, 2022
The Rambus SafeZone Basic Crypto Module, as used in certain Fujifilm (formerly Fuji Xerox)... Critical Unreviewed
CVE-2022-26320 was published Mar 15, 2022
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23... Moderate Unreviewed
CVE-2022-26317 was published Mar 9, 2022
CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource,... Moderate Unreviewed
CVE-2022-22700 was published Mar 4, 2022
Improper random number generation in github.com/coredns/coredns Moderate
GHSA-gv9j-4w24-q7vx was published for github.com/coredns/coredns (Go) Mar 1, 2022
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the... Critical Unreviewed
CVE-2021-20322 was published Feb 19, 2022
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517,... High Unreviewed
CVE-2021-26726 was published Feb 17, 2022
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass... Critical Unreviewed
CVE-2021-36294 was published Jan 27, 2022
wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects... Critical Unreviewed
CVE-2022-23408 was published Jan 19, 2022
Use of Hard-coded Credentials in Apache Kylin High
CVE-2021-45458 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user... High Unreviewed
CVE-2021-24998 was published Dec 28, 2021
Improper file handling in concrete5/core High
CVE-2021-22968 was published for concrete5/core (Composer) Nov 23, 2021
Use of Insufficiently Random Values in yiisoft/yii2-dev High
CVE-2021-3689 was published for yiisoft/yii2-dev (Composer) Sep 1, 2021
ProTip! Advisories are also available from the GraphQL API