GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
54 advisories
Filter by severity
A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature...
Moderate
Unreviewed
CVE-2024-20331
was published
Oct 23, 2024
The devices are vulnerable to session hijacking due to insufficient
entropy in its session ID...
Critical
Unreviewed
CVE-2024-47945
was published
Oct 15, 2024
Eufy HomeBase 2 model T8010X v3.2.8.3h was discovered to use the deprecated wireless protocol...
High
Unreviewed
CVE-2023-37822
was published
Oct 3, 2024
An insufficient entropy vulnerability caused by the improper use of a randomness function with...
Moderate
Unreviewed
CVE-2024-38270
was published
Sep 10, 2024
An issue was discovered in Samsung Mobile Processor, Automotive Processor, Wearable Processor,...
Moderate
Unreviewed
CVE-2023-49927
was published
Jun 5, 2024
Chilkat before v9.5.0.98, allows attackers to obtain sensitive information via predictable PRNG...
Moderate
Unreviewed
CVE-2024-26329
was published
Apr 5, 2024
Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex...
Critical
Unreviewed
CVE-2024-25730
was published
Feb 24, 2024
SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction...
High
Unreviewed
CVE-2024-25407
was published
Feb 13, 2024
An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that...
High
Unreviewed
CVE-2023-46648
was published
Dec 21, 2023
An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could...
High
Unreviewed
CVE-2023-31176
was published
Nov 30, 2023
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If...
Moderate
Unreviewed
CVE-2023-34973
was published
Aug 24, 2023
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper...
Critical
Unreviewed
CVE-2023-4344
was published
Aug 15, 2023
Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated,...
Moderate
Unreviewed
CVE-2023-38357
was published
Aug 1, 2023
?The affected TBox RTUs generate software security tokens using insufficient entropy. The random...
Moderate
Unreviewed
CVE-2023-36610
was published
Jul 3, 2023
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an...
Critical
Unreviewed
CVE-2023-3325
was published
Jun 20, 2023
A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom...
High
Unreviewed
CVE-2023-20107
was published
Mar 23, 2023
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC)...
Moderate
Unreviewed
CVE-2022-20941
was published
Nov 16, 2022
An insufficient entropy vulnerability caused by the improper use of randomness sources with low...
Moderate
Unreviewed
CVE-2022-34746
was published
Sep 21, 2022
Apache OpenOffice supports the storage of passwords for web connections in the user's...
High
Unreviewed
CVE-2022-37401
was published
Aug 16, 2022
dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot...
Moderate
Unreviewed
CVE-2022-33989
was published
Aug 16, 2022
websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation...
Critical
Unreviewed
CVE-2021-41615
was published
Aug 9, 2022
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
...
High
Unreviewed
CVE-2020-29505
was published
Jul 12, 2022
CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic...
High
Unreviewed
CVE-2022-33756
was published
Jun 17, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An...
Moderate
Unreviewed
CVE-2022-27221
was published
Jun 15, 2022
Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness
Critical
Unreviewed
CVE-2013-2260
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API