GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,014
Maven
5,000+
npm
3,721
NuGet
662
pip
3,393
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
97 advisories
Filter by severity
Cryptographically Weak PRNG in generate-password
Moderate
GHSA-6qqf-vvcr-7qrv
was published
for
generate-password
(npm)
May 23, 2019
Critical severity vulnerability that affects generator-jhipster
Critical
GHSA-mwp6-j9wf-968c
was published
for
generator-jhipster
(npm)
Sep 13, 2019
•
withdrawn
Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor
Critical
CVE-2018-16115
was published
for
com.typesafe.akka:akka-actor_2.11
(Maven)
Oct 22, 2018
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Pivotal CredHub Service Broker
High
CVE-2018-15795
was published
for
org.springframework.credhub:spring-credhub-core
(Maven)
Nov 29, 2018
JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0
Critical
CVE-2019-16303
was published
for
generator-jhipster-kotlin
(npm)
Jun 26, 2020
It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys,...
Moderate
Unreviewed
CVE-2008-3280
was published
Apr 21, 2022
PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart,...
Critical
Unreviewed
CVE-2011-4574
was published
Apr 22, 2022
Weak private key generation in SSH.NET
Moderate
CVE-2022-29245
was published
for
SSH.NET
(NuGet)
Jun 1, 2022
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to...
High
Unreviewed
CVE-2022-20817
was published
Jun 16, 2022
OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token...
High
Unreviewed
CVE-2022-33738
was published
Jul 7, 2022
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number...
Moderate
Unreviewed
CVE-2022-41210
was published
Oct 12, 2022
An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config...
Moderate
Unreviewed
CVE-2019-15075
was published
May 24, 2022
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo...
Low
Unreviewed
CVE-2020-6616
was published
May 24, 2022
In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset...
Critical
Unreviewed
CVE-2020-28642
was published
May 24, 2022
An issue was discovered in Object First 1.0.7.712. The authorization service has a flow that...
Critical
Unreviewed
CVE-2022-44796
was published
Nov 7, 2022
Cryptographically weak PRNG in `utils.generateUUID`
Critical
CVE-2022-36045
was published
for
nodebb
(npm)
Aug 30, 2022
BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate...
Moderate
Unreviewed
CVE-2021-29245
was published
May 24, 2022
Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel(R)...
Moderate
Unreviewed
CVE-2021-0131
was published
May 24, 2022
Use of Insufficiently Random Values in Apereo CAS
High
CVE-2019-10754
was published
for
org.apereo.cas:cas-server-core-services-api
(Maven)
May 24, 2022
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.
High
Unreviewed
CVE-2021-37553
was published
May 24, 2022
A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to...
Low
Unreviewed
CVE-2021-3047
was published
May 24, 2022
profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can...
High
Unreviewed
CVE-2022-40769
was published
Sep 19, 2022
D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random...
Moderate
Unreviewed
CVE-2022-42159
was published
Oct 14, 2022
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Ratpack
Low
CVE-2019-11808
was published
for
io.ratpack:ratpack-groovy
(Maven)
May 14, 2019
Use of Cryptographically Weak Pseudo-Random Number Generator in org.pac4j:pac4j-saml
Moderate
CVE-2019-10755
was published
for
org.pac4j:pac4j-saml
(Maven)
Nov 6, 2019
ProTip!
Advisories are also available from the
GraphQL API