Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

67 advisories

Loading
It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys,... Moderate Unreviewed
CVE-2008-3280 was published Apr 21, 2022
PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart,... Critical Unreviewed
CVE-2011-4574 was published Apr 22, 2022
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to... High Unreviewed
CVE-2022-20817 was published Jun 16, 2022
OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token... High Unreviewed
CVE-2022-33738 was published Jul 7, 2022
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number... Moderate Unreviewed
CVE-2022-41210 was published Oct 12, 2022
An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config... Moderate Unreviewed
CVE-2019-15075 was published May 24, 2022
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo... Low Unreviewed
CVE-2020-6616 was published May 24, 2022
In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset... Critical Unreviewed
CVE-2020-28642 was published May 24, 2022
An issue was discovered in Object First 1.0.7.712. The authorization service has a flow that... Critical Unreviewed
CVE-2022-44796 was published Nov 7, 2022
BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate... Moderate Unreviewed
CVE-2021-29245 was published May 24, 2022
Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel(R)... Moderate Unreviewed
CVE-2021-0131 was published May 24, 2022
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. High Unreviewed
CVE-2021-37553 was published May 24, 2022
A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to... Low Unreviewed
CVE-2021-3047 was published May 24, 2022
profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can... High Unreviewed
CVE-2022-40769 was published Sep 19, 2022
D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random... Moderate Unreviewed
CVE-2022-42159 was published Oct 14, 2022
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not... High Unreviewed
CVE-2017-5493 was published May 13, 2022
Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3... High Unreviewed
CVE-2017-8081 was published May 13, 2022
In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650,... High Unreviewed
CVE-2018-11291 was published May 13, 2022
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU... High Unreviewed
CVE-2018-11290 was published May 13, 2022
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU... Moderate Unreviewed
CVE-2018-5871 was published May 13, 2022
In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650,... High Unreviewed
CVE-2018-5837 was published May 13, 2022
The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum... High Unreviewed
CVE-2018-15552 was published May 13, 2022
The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling... High Unreviewed
CVE-2018-12056 was published May 14, 2022
The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum... High Unreviewed
CVE-2018-17071 was published May 14, 2022
The random() function of the smart contract implementation for CryptoSaga, an Ethereum game,... High Unreviewed
CVE-2018-12975 was published May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database