Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

14 advisories

Loading
Unable to generate the correct character set Critical
CVE-2024-36400 was published for nano-id (Rust) Jun 4, 2024
ciffelia
nano-id reduced entropy due to inadequate character set usage Critical
GHSA-2hfw-w739-p7x5 was published for nano-id (Rust) Jun 4, 2024
Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex... Critical Unreviewed
CVE-2024-25730 was published Feb 24, 2024
WWBN AVideo Insufficient Entropy vulnerbaility Critical
CVE-2023-49599 was published for wwbn/avideo (Composer) Jan 10, 2024
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper... Critical Unreviewed
CVE-2023-4344 was published Aug 15, 2023
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an... Critical Unreviewed
CVE-2023-3325 was published Jun 20, 2023
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected Critical
CVE-2021-4238 was published for github.com/Masterminds/goutils (Go) Dec 28, 2022
websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation... Critical Unreviewed
CVE-2021-41615 was published Aug 9, 2022
Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness Critical Unreviewed
CVE-2013-2260 was published May 24, 2022
A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all... Critical Unreviewed
CVE-2021-22727 was published May 24, 2022
Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce. Critical Unreviewed
CVE-2021-33027 was published May 24, 2022
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass... Critical Unreviewed
CVE-2021-36320 was published Nov 21, 2021
Insufficient Entropy in parsel Critical
GHSA-vjvw-wcmw-pr26 was published for parsel (npm) Sep 4, 2020
Insufficient Entropy in cryptiles Critical
CVE-2018-1000620 was published for cryptiles (npm) Sep 11, 2018
jkmartindale
ProTip! Advisories are also available from the GraphQL API