GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,099
Composer 4,077
Erlang 29
GitHub Actions 19
Go 1,903
Maven 5,100
npm 3,632
NuGet 638
pip 3,249
Pub 10
RubyGems 864
Rust 818
Swift 35

Unreviewed advisories

All unreviewed 228,493

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

28 advisories

Filter by severity

Sort by

Least recently updated

A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to... Moderate Unreviewed

CVE-2021-42138 was published Dec 21, 2021

The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2)... Moderate Unreviewed

CVE-2008-1447 was published May 3, 2022

A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon... Moderate Unreviewed

CVE-2017-6030 was published May 13, 2022

QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local... Moderate Unreviewed

CVE-2016-2858 was published May 13, 2022

Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK... Moderate Unreviewed

CVE-2019-9555 was published May 13, 2022

Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying... Moderate Unreviewed

CVE-2016-2564 was published May 13, 2022

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys... Moderate Unreviewed

CVE-2017-2625 was published May 13, 2022

A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide... Moderate Unreviewed

CVE-2018-8435 was published May 13, 2022

It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local... Moderate Unreviewed

CVE-2017-2626 was published May 14, 2022

hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library... Moderate Unreviewed

CVE-2019-10064 was published May 24, 2022

It's possible that an authenticated user guess other session IDs based on its own. Also it's... Moderate Unreviewed

CVE-2020-1773 was published May 24, 2022

A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit... Moderate Unreviewed

CVE-2021-3505 was published May 24, 2022

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An... Moderate Unreviewed

CVE-2022-27221 was published Jun 15, 2022

dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot... Moderate Unreviewed

CVE-2022-33989 was published Aug 16, 2022

An insufficient entropy vulnerability caused by the improper use of randomness sources with low... Moderate Unreviewed

CVE-2022-34746 was published Sep 21, 2022

Insufficient Entropy in PHPServerMon PRNG Moderate

CVE-2021-4240 was published for phpservermon/phpservermon (Composer) Nov 16, 2022

PHPServerMon PRNG has Insufficient Entropy Moderate

CVE-2021-4241 was published for phpservermon/phpservermon (Composer) Nov 16, 2022

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC)... Moderate Unreviewed

CVE-2022-20941 was published Nov 16, 2022

?The affected TBox RTUs generate software security tokens using insufficient entropy. The random... Moderate Unreviewed

CVE-2023-36610 was published Jul 3, 2023

Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated,... Moderate Unreviewed

CVE-2023-38357 was published Aug 1, 2023

An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If... Moderate Unreviewed

CVE-2023-34973 was published Aug 24, 2023

pubnub Insufficient Entropy vulnerability Moderate

CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023

FOSUserBundle Entropy is lost in the TokenGenerator Moderate

GHSA-pjx8-984p-7p3x was published for friendsofsymfony/user-bundle (Composer) May 15, 2024

Insecure State Generation in laravel/socialite Moderate

GHSA-h97c-qp24-439v was published for laravel/socialite (Composer) May 15, 2024

An issue was discovered in Samsung Mobile Processor, Automotive Processor, Wearable Processor,... Moderate Unreviewed

CVE-2023-49927 was published Jun 5, 2024

Previous 1 2 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

28 advisories