Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

30 advisories

Loading
Denial of service attack via push rule patterns in matrix-synapse Moderate
CVE-2021-29471 was published for matrix-synapse (pip) May 13, 2021
A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to... Moderate Unreviewed
CVE-2021-42138 was published Dec 21, 2021
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2)... Moderate Unreviewed
CVE-2008-1447 was published May 3, 2022
A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon... Moderate Unreviewed
CVE-2017-6030 was published May 13, 2022
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local... Moderate Unreviewed
CVE-2016-2858 was published May 13, 2022
Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK... Moderate Unreviewed
CVE-2019-9555 was published May 13, 2022
Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying... Moderate Unreviewed
CVE-2016-2564 was published May 13, 2022
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys... Moderate Unreviewed
CVE-2017-2625 was published May 13, 2022
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide... Moderate Unreviewed
CVE-2018-8435 was published May 13, 2022
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local... Moderate Unreviewed
CVE-2017-2626 was published May 14, 2022
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library... Moderate Unreviewed
CVE-2019-10064 was published May 24, 2022
It's possible that an authenticated user guess other session IDs based on its own. Also it's... Moderate Unreviewed
CVE-2020-1773 was published May 24, 2022
A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit... Moderate Unreviewed
CVE-2021-3505 was published May 24, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An... Moderate Unreviewed
CVE-2022-27221 was published Jun 15, 2022
dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot... Moderate Unreviewed
CVE-2022-33989 was published Aug 16, 2022
An insufficient entropy vulnerability caused by the improper use of randomness sources with low... Moderate Unreviewed
CVE-2022-34746 was published Sep 21, 2022
PHPServerMon PRNG has Insufficient Entropy Moderate
CVE-2021-4241 was published for phpservermon/phpservermon (Composer) Nov 16, 2022
Insufficient Entropy in PHPServerMon PRNG Moderate
CVE-2021-4240 was published for phpservermon/phpservermon (Composer) Nov 16, 2022
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC)... Moderate Unreviewed
CVE-2022-20941 was published Nov 16, 2022
?The affected TBox RTUs generate software security tokens using insufficient entropy. The random... Moderate Unreviewed
CVE-2023-36610 was published Jul 3, 2023
Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated,... Moderate Unreviewed
CVE-2023-38357 was published Aug 1, 2023
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If... Moderate Unreviewed
CVE-2023-34973 was published Aug 24, 2023
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
FOSUserBundle Entropy is lost in the TokenGenerator Moderate
GHSA-pjx8-984p-7p3x was published for friendsofsymfony/user-bundle (Composer) May 15, 2024
Insecure State Generation in laravel/socialite Moderate
GHSA-h97c-qp24-439v was published for laravel/socialite (Composer) May 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database