Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,328
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

83 advisories

Loading
The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum... High Unreviewed
CVE-2018-17987 was published May 14, 2022
In random_get_bytes of random.c, there is a possible degradation of randomness due to an insecure... High Unreviewed
CVE-2019-1997 was published May 14, 2022
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0. High Unreviewed
CVE-2018-20025 was published May 14, 2022
POSIM EVO 15.13 for Windows includes an "Emergency Override" administrative account that may be... High Unreviewed
CVE-2018-15807 was published May 13, 2022
A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569... High Unreviewed
CVE-2017-17704 was published May 13, 2022
wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be... High Unreviewed
CVE-2017-17091 was published May 13, 2022
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380... High Unreviewed
CVE-2017-15654 was published May 13, 2022
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the... High Unreviewed
CVE-2017-13082 was published May 13, 2022
Due to unencrypted signal communication and predictability of rolling codes, an attacker can ... High Unreviewed
CVE-2019-9860 was published May 13, 2022
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the... High Unreviewed
CVE-2019-8919 was published May 13, 2022
Matrix Synapse Predictable Secret Key High
CVE-2019-5885 was published for matrix-synapse (pip) May 13, 2022
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to... High Unreviewed
CVE-2013-6925 was published May 13, 2022
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x... High Unreviewed
CVE-2022-26071 was published May 6, 2022
pyrad is vulnerable to the use of Insufficiently Random Values High
CVE-2013-0294 was published for pyrad (pip) May 5, 2022
account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently... High Unreviewed
CVE-2009-2158 was published May 2, 2022
The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2,... High Unreviewed
CVE-2008-3612 was published May 2, 2022
The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business... High Unreviewed
CVE-2008-2433 was published May 1, 2022
actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of... High Unreviewed
CVE-2008-0141 was published May 1, 2022
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses... High Unreviewed
CVE-2008-0087 was published May 1, 2022
pyftpdlib Use of Insufficiently Random Values of port selection on PASV command High
CVE-2007-6738 was published for pyftpdlib (pip) May 1, 2022
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS... High Unreviewed
CVE-2022-22517 was published Apr 8, 2022
randomUUID in Scala.js before 1.10.0 generates predictable values. High Unreviewed
CVE-2022-28355 was published Apr 3, 2022
Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web... High Unreviewed
CVE-2021-46010 was published Apr 1, 2022
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517,... High Unreviewed
CVE-2021-26726 was published Feb 17, 2022
Use of Hard-coded Credentials in Apache Kylin High
CVE-2021-45458 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database