Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,900
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

77 advisories

Loading
Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length Moderate
CVE-2024-8796 was published for devise-two-factor (RubyGems) Sep 17, 2024
syntacticNaCl mark-adams
An insufficient entropy vulnerability caused by the improper use of a randomness function with... Moderate Unreviewed
CVE-2024-38270 was published Sep 10, 2024
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper... Critical Unreviewed
CVE-2023-4344 was published Aug 15, 2023
Openshift Console insufficient entropy vulnerability High
CVE-2024-6508 was published for github.com/openshift/console (Go) Aug 21, 2024
Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex... Critical Unreviewed
CVE-2024-25730 was published Feb 24, 2024
An issue was discovered in Samsung Mobile Processor, Automotive Processor, Wearable Processor,... Moderate Unreviewed
CVE-2023-49927 was published Jun 5, 2024
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An... Moderate Unreviewed
CVE-2022-27221 was published Jun 15, 2022
Unable to generate the correct character set Critical
CVE-2024-36400 was published for nano-id (Rust) Jun 4, 2024
ciffelia
Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability High
GHSA-848f-mph5-9pm9 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework1 Potential Insufficient Entropy Vulnerability High
GHSA-8xhv-gqm4-3w99 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability High
GHSA-mg4x-prh7-g4mx was published for zendframework/zend-captcha (Composer) Jun 7, 2024
ZendFramework Information Disclosure and Insufficient Entropy vulnerability Moderate
GHSA-2fhr-8r8r-qp56 was published for zendframework/zendframework (Composer) Jun 7, 2024
nano-id reduced entropy due to inadequate character set usage Critical
GHSA-2hfw-w739-p7x5 was published for nano-id (Rust) Jun 4, 2024
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected Critical
CVE-2021-4238 was published for github.com/Masterminds/goutils (Go) Dec 28, 2022
random_compat Uses insecure CSPRNG Low
GHSA-3fmq-x9q6-wm39 was published for paragonie/random_compat (Composer) May 17, 2024
Insecure State Generation in laravel/socialite Moderate
GHSA-h97c-qp24-439v was published for laravel/socialite (Composer) May 15, 2024
FOSUserBundle Entropy is lost in the TokenGenerator Moderate
GHSA-pjx8-984p-7p3x was published for friendsofsymfony/user-bundle (Composer) May 15, 2024
Lemur uses static IV per key High
CVE-2015-7764 was published for lemur (pip) May 13, 2022
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If... Moderate Unreviewed
CVE-2023-34973 was published Aug 24, 2023
Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated,... Moderate Unreviewed
CVE-2023-38357 was published Aug 1, 2023
?The affected TBox RTUs generate software security tokens using insufficient entropy. The random... Moderate Unreviewed
CVE-2023-36610 was published Jul 3, 2023
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an... Critical Unreviewed
CVE-2023-3325 was published Jun 20, 2023
Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness Critical Unreviewed
CVE-2013-2260 was published May 24, 2022
The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before... High Unreviewed
CVE-2020-11957 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API