Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9 advisories

Loading
@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys Critical
GHSA-84c3-j8r2-mcm8 was published for @nfid/embed (npm) Feb 26, 2024
agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate` Critical
CVE-2024-1631 was published for @dfinity/auth-client (npm) Feb 21, 2024
peterpeterparker krpeacock
crypto-js uses insecure random numbers Moderate
CVE-2020-36732 was published for crypto-js (npm) Jun 12, 2023
Fastly Compute@Edge JS Runtime has fixed random number seed during compilation High
CVE-2022-39218 was published for @fastly/js-compute (npm) Sep 20, 2022
JakeChampion
Cryptographically weak PRNG in `utils.generateUUID` Critical
CVE-2022-36045 was published for nodebb (npm) Aug 30, 2022
HakuPiku
otp-generator before v3.0.0 insecurely generates random one-time passwords Critical
CVE-2021-23451 was published for otp-generator (npm) Jul 26, 2022
Weak JSON Web Token in yapi-vendor Moderate
CVE-2021-27884 was published for yapi-vendor (npm) Mar 26, 2021
Insecure randomness in socket.io High
CVE-2017-16031 was published for socket.io (npm) Nov 7, 2018
Cryptographically Weak PRNG in randomatic Moderate
CVE-2017-16028 was published for randomatic (npm) Oct 9, 2018
ProTip! Advisories are also available from the GraphQL API