Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

81 advisories

Loading
Insufficient Entropy in cryptiles Critical
CVE-2018-1000620 was published for cryptiles (npm) Sep 11, 2018
jkmartindale
Insufficient Entropy in DotNetNuke High
CVE-2018-18326 was published for DotNetNuke.Core (NuGet) Jul 5, 2019
Insufficient Entropy in DotNetNuke High
CVE-2018-15812 was published for DotNetNuke.Core (NuGet) Jul 5, 2019
Pallets Werkzeug Insufficient Entropy High
CVE-2019-14806 was published for werkzeug (pip) Aug 21, 2019
Insecure Entropy Source - Math.random() in node-uuid High
CVE-2015-8851 was published for node-uuid (npm) Apr 16, 2020
Insufficient Entropy in parsel Critical
GHSA-vjvw-wcmw-pr26 was published for parsel (npm) Sep 4, 2020
Denial of service attack via push rule patterns in matrix-synapse Moderate
CVE-2021-29471 was published for matrix-synapse (pip) May 13, 2021
Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone High
CVE-2020-28924 was published for github.com/rclone/rclone (Go) Jun 10, 2021
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass... Critical Unreviewed
CVE-2021-36320 was published Nov 21, 2021
A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to... Moderate Unreviewed
CVE-2021-42138 was published Dec 21, 2021
A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from... Low Unreviewed
CVE-2021-22799 was published Jan 29, 2022
ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses... High Unreviewed
CVE-2001-0950 was published Apr 30, 2022
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit... High Unreviewed
CVE-2008-2108 was published May 1, 2022
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2)... Moderate Unreviewed
CVE-2008-1447 was published May 3, 2022
A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon... Moderate Unreviewed
CVE-2017-6030 was published May 13, 2022
The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape... High Unreviewed
CVE-2014-8422 was published May 13, 2022
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local... Moderate Unreviewed
CVE-2016-2858 was published May 13, 2022
Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK... Moderate Unreviewed
CVE-2019-9555 was published May 13, 2022
Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying... Moderate Unreviewed
CVE-2016-2564 was published May 13, 2022
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys... High Unreviewed
CVE-2015-3405 was published May 13, 2022
Lemur uses static IV per key High
CVE-2015-7764 was published for lemur (pip) May 13, 2022
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys... Moderate Unreviewed
CVE-2017-2625 was published May 13, 2022
An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The... High Unreviewed
CVE-2017-13992 was published May 13, 2022
ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with... High Unreviewed
CVE-2017-0897 was published May 13, 2022
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide... Moderate Unreviewed
CVE-2018-8435 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database