GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,794
Composer 4,248
Erlang 31
GitHub Actions 21
Go 2,017
Maven 5,202
npm 3,722
NuGet 662
pip 3,400
Pub 11
RubyGems 890
Rust 857
Swift 36

Unreviewed advisories

All unreviewed 236,323

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

55 advisories

Filter by severity

Sort by

Least recently updated

Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness Critical Unreviewed

CVE-2013-2260 was published May 24, 2022

The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the... High Unreviewed

CVE-2020-25926 was published May 24, 2022

A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all... Critical Unreviewed

CVE-2021-22727 was published May 24, 2022

Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce. Critical Unreviewed

CVE-2021-33027 was published May 24, 2022

A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit... Moderate Unreviewed

CVE-2021-3505 was published May 24, 2022

The authentication implementation on the xArm controller has very low entropy, making it... High Unreviewed

CVE-2020-10285 was published May 24, 2022

The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before... High Unreviewed

CVE-2020-11957 was published May 24, 2022

It's possible that an authenticated user guess other session IDs based on its own. Also it's... Moderate Unreviewed

CVE-2020-1773 was published May 24, 2022

hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library... Moderate Unreviewed

CVE-2019-10064 was published May 24, 2022

An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1 and below for device not... Low Unreviewed

CVE-2019-15703 was published May 24, 2022

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple... High Unreviewed

CVE-2019-15847 was published May 24, 2022

Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it... High Unreviewed

CVE-2014-0691 was published May 17, 2022

SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token... High Unreviewed

CVE-2018-10240 was published May 14, 2022

It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local... Moderate Unreviewed

CVE-2017-2626 was published May 14, 2022

A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide... Moderate Unreviewed

CVE-2018-8435 was published May 13, 2022

ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with... High Unreviewed

CVE-2017-0897 was published May 13, 2022

An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The... High Unreviewed

CVE-2017-13992 was published May 13, 2022

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys... Moderate Unreviewed

CVE-2017-2625 was published May 13, 2022

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys... High Unreviewed

CVE-2015-3405 was published May 13, 2022

Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying... Moderate Unreviewed

CVE-2016-2564 was published May 13, 2022

Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK... Moderate Unreviewed

CVE-2019-9555 was published May 13, 2022

QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local... Moderate Unreviewed

CVE-2016-2858 was published May 13, 2022

The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape... High Unreviewed

CVE-2014-8422 was published May 13, 2022

A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon... Moderate Unreviewed

CVE-2017-6030 was published May 13, 2022

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2)... Moderate Unreviewed

CVE-2008-1447 was published May 3, 2022

Previous 1 2 3 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

55 advisories