Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

83 advisories

Loading
Openshift Console insufficient entropy vulnerability Moderate
CVE-2024-6508 was published for github.com/openshift/console (Go) Aug 21, 2024
Pallets Werkzeug Insufficient Entropy High
CVE-2019-14806 was published for werkzeug (pip) Aug 21, 2019
Denial of service attack via push rule patterns in matrix-synapse Moderate
CVE-2021-29471 was published for matrix-synapse (pip) May 13, 2021
Lemur uses static IV per key High
CVE-2015-7764 was published for lemur (pip) May 13, 2022
Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length Moderate
CVE-2024-8796 was published for devise-two-factor (RubyGems) Sep 17, 2024
syntacticNaCl mark-adams
Unable to generate the correct character set Critical
CVE-2024-36400 was published for nano-id (Rust) Jun 4, 2024
ciffelia
Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability High
GHSA-848f-mph5-9pm9 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework1 Potential Insufficient Entropy Vulnerability High
GHSA-8xhv-gqm4-3w99 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability High
GHSA-mg4x-prh7-g4mx was published for zendframework/zend-captcha (Composer) Jun 7, 2024
ZendFramework Information Disclosure and Insufficient Entropy vulnerability Moderate
GHSA-2fhr-8r8r-qp56 was published for zendframework/zendframework (Composer) Jun 7, 2024
nano-id reduced entropy due to inadequate character set usage Critical
GHSA-2hfw-w739-p7x5 was published for nano-id (Rust) Jun 4, 2024
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected Critical
CVE-2021-4238 was published for github.com/Masterminds/goutils (Go) Dec 28, 2022
random_compat Uses insecure CSPRNG Low
GHSA-3fmq-x9q6-wm39 was published for paragonie/random_compat (Composer) May 17, 2024
ProTip! Advisories are also available from the GraphQL API