GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
55 advisories
Filter by severity
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass...
Critical
Unreviewed
CVE-2021-36320
was published
Nov 21, 2021
A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to...
Moderate
Unreviewed
CVE-2021-42138
was published
Dec 21, 2021
A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from...
Low
Unreviewed
CVE-2021-22799
was published
Jan 29, 2022
ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses...
High
Unreviewed
CVE-2001-0950
was published
Apr 30, 2022
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit...
High
Unreviewed
CVE-2008-2108
was published
May 1, 2022
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2)...
Moderate
Unreviewed
CVE-2008-1447
was published
May 3, 2022
A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon...
Moderate
Unreviewed
CVE-2017-6030
was published
May 13, 2022
The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape...
High
Unreviewed
CVE-2014-8422
was published
May 13, 2022
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local...
Moderate
Unreviewed
CVE-2016-2858
was published
May 13, 2022
Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK...
Moderate
Unreviewed
CVE-2019-9555
was published
May 13, 2022
Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying...
Moderate
Unreviewed
CVE-2016-2564
was published
May 13, 2022
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys...
High
Unreviewed
CVE-2015-3405
was published
May 13, 2022
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys...
Moderate
Unreviewed
CVE-2017-2625
was published
May 13, 2022
An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The...
High
Unreviewed
CVE-2017-13992
was published
May 13, 2022
ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with...
High
Unreviewed
CVE-2017-0897
was published
May 13, 2022
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide...
Moderate
Unreviewed
CVE-2018-8435
was published
May 13, 2022
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local...
Moderate
Unreviewed
CVE-2017-2626
was published
May 14, 2022
SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token...
High
Unreviewed
CVE-2018-10240
was published
May 14, 2022
Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it...
High
Unreviewed
CVE-2014-0691
was published
May 17, 2022
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple...
High
Unreviewed
CVE-2019-15847
was published
May 24, 2022
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1 and below for device not...
Low
Unreviewed
CVE-2019-15703
was published
May 24, 2022
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library...
Moderate
Unreviewed
CVE-2019-10064
was published
May 24, 2022
It's possible that an authenticated user guess other session IDs based on its own. Also it's...
Moderate
Unreviewed
CVE-2020-1773
was published
May 24, 2022
The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before...
High
Unreviewed
CVE-2020-11957
was published
May 24, 2022
The authentication implementation on the xArm controller has very low entropy, making it...
High
Unreviewed
CVE-2020-10285
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API