Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

33 advisories

Loading
Insecure Entropy Source - Math.random() in node-uuid High
CVE-2015-8851 was published for node-uuid (npm) Apr 16, 2020
CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic... High Unreviewed
CVE-2022-33756 was published Jun 17, 2022
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, ... High Unreviewed
CVE-2020-29505 was published Jul 12, 2022
The authentication implementation on the xArm controller has very low entropy, making it... High Unreviewed
CVE-2020-10285 was published May 24, 2022
The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the... High Unreviewed
CVE-2020-25926 was published May 24, 2022
Insufficient Entropy in DotNetNuke High
CVE-2018-15812 was published for DotNetNuke.Core (NuGet) Jul 5, 2019
Insufficient Entropy in DotNetNuke High
CVE-2018-18326 was published for DotNetNuke.Core (NuGet) Jul 5, 2019
The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape... High Unreviewed
CVE-2014-8422 was published May 13, 2022
Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone High
CVE-2020-28924 was published for github.com/rclone/rclone (Go) Jun 10, 2021
ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with... High Unreviewed
CVE-2017-0897 was published May 13, 2022
An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The... High Unreviewed
CVE-2017-13992 was published May 13, 2022
SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token... High Unreviewed
CVE-2018-10240 was published May 14, 2022
Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it... High Unreviewed
CVE-2014-0691 was published May 17, 2022
Rancher cattle-token is predictable High
CVE-2022-43755 was published for github.com/rancher/rancher (Go) Jan 25, 2023
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys... High Unreviewed
CVE-2015-3405 was published May 13, 2022
A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom... High Unreviewed
CVE-2023-20107 was published Mar 23, 2023
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params High
CVE-2022-31034 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
crenshaw-dev jgwest
AdamKorcz DavidKorczynski
Apache OpenOffice supports the storage of passwords for web connections in the user's... High Unreviewed
CVE-2022-37401 was published Aug 16, 2022
Pallets Werkzeug Insufficient Entropy High
CVE-2019-14806 was published for werkzeug (pip) Aug 21, 2019
jose4j uses weak cryptographic algorithm High
CVE-2023-31582 was published for org.bitbucket.b_c:jose4j (Maven) Oct 25, 2023
An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could... High Unreviewed
CVE-2023-31176 was published Nov 30, 2023
An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that... High Unreviewed
CVE-2023-46648 was published Dec 21, 2023
ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses... High Unreviewed
CVE-2001-0950 was published Apr 30, 2022
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit... High Unreviewed
CVE-2008-2108 was published May 1, 2022
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple... High Unreviewed
CVE-2019-15847 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database