GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
Insecure Entropy Source - Math.random() in node-uuid
High
CVE-2015-8851
was published
for
node-uuid
(npm)
Apr 16, 2020
CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic...
High
Unreviewed
CVE-2022-33756
was published
Jun 17, 2022
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
...
High
Unreviewed
CVE-2020-29505
was published
Jul 12, 2022
The authentication implementation on the xArm controller has very low entropy, making it...
High
Unreviewed
CVE-2020-10285
was published
May 24, 2022
The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the...
High
Unreviewed
CVE-2020-25926
was published
May 24, 2022
Insufficient Entropy in DotNetNuke
High
CVE-2018-15812
was published
for
DotNetNuke.Core
(NuGet)
Jul 5, 2019
Insufficient Entropy in DotNetNuke
High
CVE-2018-18326
was published
for
DotNetNuke.Core
(NuGet)
Jul 5, 2019
The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape...
High
Unreviewed
CVE-2014-8422
was published
May 13, 2022
Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone
High
CVE-2020-28924
was published
for
github.com/rclone/rclone
(Go)
Jun 10, 2021
ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with...
High
Unreviewed
CVE-2017-0897
was published
May 13, 2022
An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The...
High
Unreviewed
CVE-2017-13992
was published
May 13, 2022
SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token...
High
Unreviewed
CVE-2018-10240
was published
May 14, 2022
Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it...
High
Unreviewed
CVE-2014-0691
was published
May 17, 2022
Rancher cattle-token is predictable
High
CVE-2022-43755
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys...
High
Unreviewed
CVE-2015-3405
was published
May 13, 2022
A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom...
High
Unreviewed
CVE-2023-20107
was published
Mar 23, 2023
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params
High
CVE-2022-31034
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
Apache OpenOffice supports the storage of passwords for web connections in the user's...
High
Unreviewed
CVE-2022-37401
was published
Aug 16, 2022
jose4j uses weak cryptographic algorithm
High
CVE-2023-31582
was published
for
org.bitbucket.b_c:jose4j
(Maven)
Oct 25, 2023
An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could...
High
Unreviewed
CVE-2023-31176
was published
Nov 30, 2023
An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that...
High
Unreviewed
CVE-2023-46648
was published
Dec 21, 2023
ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses...
High
Unreviewed
CVE-2001-0950
was published
Apr 30, 2022
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit...
High
Unreviewed
CVE-2008-2108
was published
May 1, 2022
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple...
High
Unreviewed
CVE-2019-15847
was published
May 24, 2022
The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before...
High
Unreviewed
CVE-2020-11957
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API