GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
236 advisories
Use of Insufficiently Random Values vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3,...
Unknown | Unreviewed | CVE-2024-28013 was published Mar 28, 2024

@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys
Critical | GHSA-84c3-j8r2-mcm8 was published for @nfid/embed (npm) Feb 26, 2024

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure...
Moderate | Unreviewed | CVE-2024-22473 was published Feb 21, 2024

agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`
Critical | CVE-2024-1631 was published for @dfinity/auth-client (npm) Feb 21, 2024

Use of Insufficiently Random Values in github.com/greenpau/caddy-security
Moderate | CVE-2024-21495 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024

The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
High | Unreviewed | CVE-2024-0761 was published Feb 6, 2024

Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session....
Moderate | Unreviewed | CVE-2024-23688 was published Jan 20, 2024

Insecure random string generator used for sensitive data
Moderate | CVE-2023-46740 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024

In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This...
Moderate | Unreviewed | CVE-2023-32831 was published Jan 2, 2024

A vulnerability classified as problematic has been found in Poly CCX 400, CCX 600, Trio 8800 and...
Low | Unreviewed | CVE-2023-4462 was published Dec 29, 2023

Henschen & Associates court document management software does not sufficiently randomize file...
Moderate | Unreviewed | CVE-2023-6376 was published Nov 30, 2023

PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption
High | CVE-2023-48056 was published for pypinksign (pip) Nov 16, 2023

In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.
Critical | Unreviewed | CVE-2020-27630 was published Oct 10, 2023

In PicoTCP 1.7.0, TCP ISNs are improperly random.
Critical | Unreviewed | CVE-2020-27635 was published Oct 10, 2023

An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers ...
High | Unreviewed | CVE-2020-27213 was published Oct 10, 2023

In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random.
Critical | Unreviewed | CVE-2020-27631 was published Oct 10, 2023

In Contiki 4.5, TCP ISNs are improperly random.
Critical | Unreviewed | CVE-2020-27634 was published Oct 10, 2023

In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random.
Critical | Unreviewed | CVE-2020-27636 was published Oct 10, 2023

In FNET 4.6.3, TCP ISNs are improperly random.
Critical | Unreviewed | CVE-2020-27633 was published Oct 10, 2023

Magento LTS's guest order "protect code" can be brute-forced too easily
High | CVE-2023-41879 was published for openmage/magento-lts (Composer) Sep 11, 2023

An authentication bypass vulnerability exists in the OAS Engine authentication functionality of...
High | Unreviewed | CVE-2023-34353 was published Sep 5, 2023

There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass...
Critical | Unreviewed | CVE-2023-39979 was published Sep 2, 2023

Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper...
Critical | Unreviewed | CVE-2023-4344 was published Aug 15, 2023

Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R...
Moderate | Unreviewed | CVE-2023-24478 was published Aug 15, 2023

Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation...
Critical | Unreviewed | CVE-2023-3373 was published Aug 4, 2023
ProTip! Advisories are also available from the GraphQL API