GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,255
Erlang
31
GitHub Actions
21
Go
2,020
Maven
5,000+
npm
3,728
NuGet
662
pip
3,406
Pub
12
RubyGems
890
Rust
862
Swift
36
Unreviewed advisories
All unreviewed
5,000+
33 advisories
Filter by severity
In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect...
Moderate
Unreviewed
CVE-2018-9426
was published
Dec 3, 2024
A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature...
Moderate
Unreviewed
CVE-2024-20331
was published
Oct 23, 2024
Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length
Moderate
CVE-2024-8796
was published
for
devise-two-factor
(RubyGems)
Sep 17, 2024
An insufficient entropy vulnerability caused by the improper use of a randomness function with...
Moderate
Unreviewed
CVE-2024-38270
was published
Sep 10, 2024
Openshift Console insufficient entropy vulnerability
Moderate
CVE-2024-6508
was published
for
github.com/openshift/console
(Go)
Aug 21, 2024
ZendFramework Information Disclosure and Insufficient Entropy vulnerability
Moderate
GHSA-2fhr-8r8r-qp56
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
An issue was discovered in Samsung Mobile Processor, Automotive Processor, Wearable Processor,...
Moderate
Unreviewed
CVE-2023-49927
was published
Jun 5, 2024
Insecure State Generation in laravel/socialite
Moderate
GHSA-h97c-qp24-439v
was published
for
laravel/socialite
(Composer)
May 15, 2024
FOSUserBundle Entropy is lost in the TokenGenerator
Moderate
GHSA-pjx8-984p-7p3x
was published
for
friendsofsymfony/user-bundle
(Composer)
May 15, 2024
Chilkat before v9.5.0.98, allows attackers to obtain sensitive information via predictable PRNG...
Moderate
Unreviewed
CVE-2024-26329
was published
Apr 5, 2024
pubnub Insufficient Entropy vulnerability
Moderate
CVE-2023-26154
was published
for
Pubnub
(RubyGems)
Dec 6, 2023
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If...
Moderate
Unreviewed
CVE-2023-34973
was published
Aug 24, 2023
Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated,...
Moderate
Unreviewed
CVE-2023-38357
was published
Aug 1, 2023
?The affected TBox RTUs generate software security tokens using insufficient entropy. The random...
Moderate
Unreviewed
CVE-2023-36610
was published
Jul 3, 2023
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC)...
Moderate
Unreviewed
CVE-2022-20941
was published
Nov 16, 2022
PHPServerMon PRNG has Insufficient Entropy
Moderate
CVE-2021-4241
was published
for
phpservermon/phpservermon
(Composer)
Nov 16, 2022
Insufficient Entropy in PHPServerMon PRNG
Moderate
CVE-2021-4240
was published
for
phpservermon/phpservermon
(Composer)
Nov 16, 2022
An insufficient entropy vulnerability caused by the improper use of randomness sources with low...
Moderate
Unreviewed
CVE-2022-34746
was published
Sep 21, 2022
dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot...
Moderate
Unreviewed
CVE-2022-33989
was published
Aug 16, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An...
Moderate
Unreviewed
CVE-2022-27221
was published
Jun 15, 2022
A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit...
Moderate
Unreviewed
CVE-2021-3505
was published
May 24, 2022
It's possible that an authenticated user guess other session IDs based on its own. Also it's...
Moderate
Unreviewed
CVE-2020-1773
was published
May 24, 2022
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library...
Moderate
Unreviewed
CVE-2019-10064
was published
May 24, 2022
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local...
Moderate
Unreviewed
CVE-2017-2626
was published
May 14, 2022
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide...
Moderate
Unreviewed
CVE-2018-8435
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API