GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
47 advisories
Filter by severity
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Pivotal CredHub Service Broker
High
CVE-2018-15795
was published
for
org.springframework.credhub:spring-credhub-core
(Maven)
Nov 29, 2018
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to...
High
Unreviewed
CVE-2022-20817
was published
Jun 16, 2022
OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token...
High
Unreviewed
CVE-2022-33738
was published
Jul 7, 2022
Use of Insufficiently Random Values in Apereo CAS
High
CVE-2019-10754
was published
for
org.apereo.cas:cas-server-core-services-api
(Maven)
May 24, 2022
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.
High
Unreviewed
CVE-2021-37553
was published
May 24, 2022
profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can...
High
Unreviewed
CVE-2022-40769
was published
Sep 19, 2022
Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone
High
CVE-2020-28924
was published
for
github.com/rclone/rclone
(Go)
Jun 10, 2021
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not...
High
Unreviewed
CVE-2017-5493
was published
May 13, 2022
Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3...
High
Unreviewed
CVE-2017-8081
was published
May 13, 2022
In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650,...
High
Unreviewed
CVE-2018-11291
was published
May 13, 2022
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU...
High
Unreviewed
CVE-2018-11290
was published
May 13, 2022
In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650,...
High
Unreviewed
CVE-2018-5837
was published
May 13, 2022
The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum...
High
Unreviewed
CVE-2018-15552
was published
May 13, 2022
The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling...
High
Unreviewed
CVE-2018-12056
was published
May 14, 2022
The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum...
High
Unreviewed
CVE-2018-17071
was published
May 14, 2022
The random() function of the smart contract implementation for CryptoSaga, an Ethereum game,...
High
Unreviewed
CVE-2018-12975
was published
May 14, 2022
A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a...
High
Unreviewed
CVE-2018-17968
was published
May 14, 2022
A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a...
High
Unreviewed
CVE-2018-17877
was published
May 14, 2022
The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an...
High
Unreviewed
CVE-2018-12454
was published
May 14, 2022
The endCoinFlip function and throwSlammer function of the smart contract implementations for...
High
Unreviewed
CVE-2018-14715
was published
May 14, 2022
** DISPUTED ** The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology...
High
Unreviewed
CVE-2017-9230
was published
May 14, 2022
An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs...
High
Unreviewed
CVE-2017-17845
was published
May 14, 2022
In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.
High
Unreviewed
CVE-2021-45489
was published
Dec 26, 2021
Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a...
High
Unreviewed
CVE-2013-20003
was published
Feb 10, 2022
The use of a cryptographically weak pseudo-random number generator in the password reset feature...
High
Unreviewed
CVE-2021-36171
was published
Mar 2, 2022
ProTip!
Advisories are also available from the
GraphQL API