Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

246 advisories

Loading
Use of Insufficiently Random Values in penggle:kaptcha Critical
CVE-2018-18531 was published for com.github.penggle:kaptcha (Maven) Oct 23, 2018
Insecure randomness in socket.io High
CVE-2017-16031 was published for socket.io (npm) Nov 7, 2018
Improper random number generation in github.com/coredns/coredns Moderate
GHSA-gv9j-4w24-q7vx was published for github.com/coredns/coredns (Go) Mar 1, 2022
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version... High Unreviewed
CVE-2023-22601 was published Jan 13, 2023
The Rambus SafeZone Basic Crypto Module, as used in certain Fujifilm (formerly Fuji Xerox)... Critical Unreviewed
CVE-2022-26320 was published Mar 15, 2022
Predictable CSRF tokens in centreon/centreon Moderate
CVE-2021-28055 was published for centreon/centreon (Composer) Jun 8, 2021
Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web... High Unreviewed
CVE-2021-46010 was published Apr 1, 2022
randomUUID in Scala.js before 1.10.0 generates predictable values. High Unreviewed
CVE-2022-28355 was published Apr 3, 2022
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS... High Unreviewed
CVE-2022-22517 was published Apr 8, 2022
The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the... Critical Unreviewed
CVE-2022-27577 was published Apr 12, 2022
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't... Moderate Unreviewed
CVE-2022-29035 was published Apr 12, 2022
Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state... Critical Unreviewed
CVE-2022-26851 was published Apr 9, 2022
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V,... Critical Unreviewed
CVE-2022-25752 was published Apr 13, 2022
Prima Systems FlexAir devices allow unauthenticated download of the database configuration backup... Critical Unreviewed
CVE-2019-7667 was published May 24, 2022
SHA1 implementation in JetBrains Ktor Native before 2.0.1 was returning the same value Moderate Unreviewed
CVE-2022-29930 was published May 13, 2022
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's... Moderate Unreviewed
CVE-2018-1108 was published May 13, 2022
Multiple W&T products of the Comserver Series use a small number space for allocating sessions... Critical Unreviewed
CVE-2022-42787 was published Nov 10, 2022
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the... Critical Unreviewed
CVE-2021-20322 was published Feb 19, 2022
Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute... Moderate Unreviewed
CVE-2020-15023 was published May 24, 2022
Weak private key generation in SSH.NET Moderate
CVE-2022-29245 was published for SSH.NET (NuGet) Jun 1, 2022
yaumn-synacktiv
ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values... High Unreviewed
CVE-2022-23138 was published Jun 10, 2022
An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of... Moderate Unreviewed
CVE-2021-25444 was published May 24, 2022
Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of... High Unreviewed
CVE-2022-32284 was published Jul 5, 2022
A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen... High Unreviewed
CVE-2017-7901 was published May 17, 2022
Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows attacker... Moderate Unreviewed
CVE-2022-33707 was published Jul 13, 2022
ProTip! Advisories are also available from the GraphQL API