GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
83 advisories
Filter by severity
In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect...
Moderate
Unreviewed
CVE-2018-9426
was published
Dec 3, 2024
A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature...
Moderate
Unreviewed
CVE-2024-20331
was published
Oct 23, 2024
The devices are vulnerable to session hijacking due to insufficient
entropy in its session ID...
Critical
Unreviewed
CVE-2024-47945
was published
Oct 15, 2024
Eufy HomeBase 2 model T8010X v3.2.8.3h was discovered to use the deprecated wireless protocol...
High
Unreviewed
CVE-2023-37822
was published
Oct 3, 2024
Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length
Moderate
CVE-2024-8796
was published
for
devise-two-factor
(RubyGems)
Sep 17, 2024
An insufficient entropy vulnerability caused by the improper use of a randomness function with...
Moderate
Unreviewed
CVE-2024-38270
was published
Sep 10, 2024
Openshift Console insufficient entropy vulnerability
Moderate
CVE-2024-6508
was published
for
github.com/openshift/console
(Go)
Aug 21, 2024
Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability
High
GHSA-848f-mph5-9pm9
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework1 Potential Insufficient Entropy Vulnerability
High
GHSA-8xhv-gqm4-3w99
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability
High
GHSA-mg4x-prh7-g4mx
was published
for
zendframework/zend-captcha
(Composer)
Jun 7, 2024
ZendFramework Information Disclosure and Insufficient Entropy vulnerability
Moderate
GHSA-2fhr-8r8r-qp56
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
An issue was discovered in Samsung Mobile Processor, Automotive Processor, Wearable Processor,...
Moderate
Unreviewed
CVE-2023-49927
was published
Jun 5, 2024
Unable to generate the correct character set
Critical
CVE-2024-36400
was published
for
nano-id
(Rust)
Jun 4, 2024
nano-id reduced entropy due to inadequate character set usage
Critical
GHSA-2hfw-w739-p7x5
was published
for
nano-id
(Rust)
Jun 4, 2024
random_compat Uses insecure CSPRNG
Low
GHSA-3fmq-x9q6-wm39
was published
for
paragonie/random_compat
(Composer)
May 17, 2024
Insecure State Generation in laravel/socialite
Moderate
GHSA-h97c-qp24-439v
was published
for
laravel/socialite
(Composer)
May 15, 2024
FOSUserBundle Entropy is lost in the TokenGenerator
Moderate
GHSA-pjx8-984p-7p3x
was published
for
friendsofsymfony/user-bundle
(Composer)
May 15, 2024
Chilkat before v9.5.0.98, allows attackers to obtain sensitive information via predictable PRNG...
Moderate
Unreviewed
CVE-2024-26329
was published
Apr 5, 2024
Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex...
Critical
Unreviewed
CVE-2024-25730
was published
Feb 24, 2024
SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction...
High
Unreviewed
CVE-2024-25407
was published
Feb 13, 2024
WWBN AVideo Insufficient Entropy vulnerbaility
Critical
CVE-2023-49599
was published
for
wwbn/avideo
(Composer)
Jan 10, 2024
An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that...
High
Unreviewed
CVE-2023-46648
was published
Dec 21, 2023
pubnub Insufficient Entropy vulnerability
Moderate
CVE-2023-26154
was published
for
Pubnub
(RubyGems)
Dec 6, 2023
An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could...
High
Unreviewed
CVE-2023-31176
was published
Nov 30, 2023
jose4j uses weak cryptographic algorithm
High
CVE-2023-31582
was published
for
org.bitbucket.b_c:jose4j
(Maven)
Oct 25, 2023
ProTip!
Advisories are also available from the
GraphQL API