GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
23 advisories
Filter by severity
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library...
Moderate
Unreviewed
CVE-2019-10064
was published
May 24, 2022
A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit...
Moderate
Unreviewed
CVE-2021-3505
was published
May 24, 2022
dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot...
Moderate
Unreviewed
CVE-2022-33989
was published
Aug 16, 2022
An insufficient entropy vulnerability caused by the improper use of randomness sources with low...
Moderate
Unreviewed
CVE-2022-34746
was published
Sep 21, 2022
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2)...
Moderate
Unreviewed
CVE-2008-1447
was published
May 3, 2022
A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon...
Moderate
Unreviewed
CVE-2017-6030
was published
May 13, 2022
A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to...
Moderate
Unreviewed
CVE-2021-42138
was published
Dec 21, 2021
Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK...
Moderate
Unreviewed
CVE-2019-9555
was published
May 13, 2022
Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying...
Moderate
Unreviewed
CVE-2016-2564
was published
May 13, 2022
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide...
Moderate
Unreviewed
CVE-2018-8435
was published
May 13, 2022
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local...
Moderate
Unreviewed
CVE-2017-2626
was published
May 14, 2022
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys...
Moderate
Unreviewed
CVE-2017-2625
was published
May 13, 2022
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local...
Moderate
Unreviewed
CVE-2016-2858
was published
May 13, 2022
It's possible that an authenticated user guess other session IDs based on its own. Also it's...
Moderate
Unreviewed
CVE-2020-1773
was published
May 24, 2022
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC)...
Moderate
Unreviewed
CVE-2022-20941
was published
Nov 16, 2022
?The affected TBox RTUs generate software security tokens using insufficient entropy. The random...
Moderate
Unreviewed
CVE-2023-36610
was published
Jul 3, 2023
Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated,...
Moderate
Unreviewed
CVE-2023-38357
was published
Aug 1, 2023
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If...
Moderate
Unreviewed
CVE-2023-34973
was published
Aug 24, 2023
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An...
Moderate
Unreviewed
CVE-2022-27221
was published
Jun 15, 2022
An issue was discovered in Samsung Mobile Processor, Automotive Processor, Wearable Processor,...
Moderate
Unreviewed
CVE-2023-49927
was published
Jun 5, 2024
An insufficient entropy vulnerability caused by the improper use of a randomness function with...
Moderate
Unreviewed
CVE-2024-38270
was published
Sep 10, 2024
A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature...
Moderate
Unreviewed
CVE-2024-20331
was published
Oct 23, 2024
Chilkat before v9.5.0.98, allows attackers to obtain sensitive information via predictable PRNG...
Moderate
Unreviewed
CVE-2024-26329
was published
Apr 5, 2024
ProTip!
Advisories are also available from the
GraphQL API