GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
30
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,683
NuGet
650
pip
3,299
Pub
11
RubyGems
878
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
51 advisories
Filter by severity
The devices are vulnerable to session hijacking due to insufficient
entropy in its session ID...
Critical
Unreviewed
CVE-2024-47945
was published
Oct 15, 2024
SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction...
High
Unreviewed
CVE-2024-25407
was published
Feb 13, 2024
An insufficient entropy vulnerability caused by the improper use of a randomness function with...
Moderate
Unreviewed
CVE-2024-38270
was published
Sep 10, 2024
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper...
Critical
Unreviewed
CVE-2023-4344
was published
Aug 15, 2023
Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex...
Critical
Unreviewed
CVE-2024-25730
was published
Feb 24, 2024
An issue was discovered in Samsung Mobile Processor, Automotive Processor, Wearable Processor,...
Moderate
Unreviewed
CVE-2023-49927
was published
Jun 5, 2024
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An...
Moderate
Unreviewed
CVE-2022-27221
was published
Jun 15, 2022
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If...
Moderate
Unreviewed
CVE-2023-34973
was published
Aug 24, 2023
Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated,...
Moderate
Unreviewed
CVE-2023-38357
was published
Aug 1, 2023
?The affected TBox RTUs generate software security tokens using insufficient entropy. The random...
Moderate
Unreviewed
CVE-2023-36610
was published
Jul 3, 2023
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an...
Critical
Unreviewed
CVE-2023-3325
was published
Jun 20, 2023
Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness
Critical
Unreviewed
CVE-2013-2260
was published
May 24, 2022
The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before...
High
Unreviewed
CVE-2020-11957
was published
May 24, 2022
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple...
High
Unreviewed
CVE-2019-15847
was published
May 24, 2022
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass...
Critical
Unreviewed
CVE-2021-36320
was published
Nov 21, 2021
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit...
High
Unreviewed
CVE-2008-2108
was published
May 1, 2022
ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses...
High
Unreviewed
CVE-2001-0950
was published
Apr 30, 2022
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC)...
Moderate
Unreviewed
CVE-2022-20941
was published
Nov 16, 2022
An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that...
High
Unreviewed
CVE-2023-46648
was published
Dec 21, 2023
An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could...
High
Unreviewed
CVE-2023-31176
was published
Nov 30, 2023
It's possible that an authenticated user guess other session IDs based on its own. Also it's...
Moderate
Unreviewed
CVE-2020-1773
was published
May 24, 2022
Apache OpenOffice supports the storage of passwords for web connections in the user's...
High
Unreviewed
CVE-2022-37401
was published
Aug 16, 2022
A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom...
High
Unreviewed
CVE-2023-20107
was published
Mar 23, 2023
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local...
Moderate
Unreviewed
CVE-2016-2858
was published
May 13, 2022
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys...
Moderate
Unreviewed
CVE-2017-2625
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API