GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
27 advisories
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number...
Critical
Unreviewed
CVE-2022-26852 was published Apr 9, 2022
An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could...
High
Unreviewed
CVE-2021-31922 was published May 24, 2022
Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo...
High
Unreviewed
CVE-2016-3735 was published Jan 29, 2022
Couchbase Server 5.1.1 generates insufficiently random numbers. The product hosts many network...
Critical
Unreviewed
CVE-2019-11495 was published May 24, 2022
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the...
High
Unreviewed
CVE-2020-11616 was published May 24, 2022
A predictable seed vulnerability exists in the password reset functionality of Epignosis...
High
Unreviewed
CVE-2020-28597 was published May 24, 2022
Fastly Compute@Edge JS Runtime has fixed random number seed during compilation
High
CVE-2022-39218 was published for @fastly/js-compute (npm) Sep 20, 2022
In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang...
Critical
Unreviewed
CVE-2019-10908 was published May 13, 2022
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG...
Critical
Unreviewed
CVE-2018-1426 was published May 13, 2022
Insecure random number generation in keypair
High
CVE-2021-41117 was published for keypair (npm) Oct 11, 2021
passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin...
Critical
Unreviewed
CVE-2017-11519 was published May 13, 2022
The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows...
High
Unreviewed
CVE-2017-5214 was published May 13, 2022
An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of...
High
Unreviewed
CVE-2018-12520 was published May 13, 2022
A flaw in the previous versions of the product may allow an authenticated attacker the ability to...
High
Unreviewed
CVE-2021-42810 was published Jan 20, 2022
Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric...
Critical
Unreviewed
CVE-2022-40267 was published Jan 20, 2023
Insecure PRNG use in random_password_generator
High
CVE-2019-25061 was published for random_password_generator (RubyGems) May 19, 2022
Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number...
Critical
Unreviewed
CVE-2023-4472 was published Feb 2, 2024
Cryptographic Issues in ECK
High
CVE-2020-7010 was published for github.com/elastic/cloud-on-k8s (Go) Feb 15, 2022
An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in...
Critical
Unreviewed
CVE-2020-10256 was published May 24, 2022
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random...
Moderate
Unreviewed
CVE-2018-12384 was published May 24, 2022
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.
High
Unreviewed
CVE-2020-13784 was published May 24, 2022
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
Critical
Unreviewed
CVE-2012-1577 was published Apr 23, 2022
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Secomea...
High
Unreviewed
CVE-2024-1579 was published Apr 29, 2024
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time...
High
Unreviewed
CVE-2016-10180 was published May 13, 2022
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through...
Critical
Unreviewed
CVE-2024-36048 was published May 18, 2024