GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
47 advisories
Filter by severity
The goTenna Pro series does not use SecureRandom when generating its cryptographic keys. The...
High
Unreviewed
CVE-2024-47126
was published
Sep 26, 2024
The goTenna Pro ATAK Plugin does not use SecureRandom when generating
its cryptographic keys....
High
Unreviewed
CVE-2024-45723
was published
Sep 26, 2024
Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography.
High
Unreviewed
CVE-2024-34538
was published
May 6, 2024
RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed ...
High
Unreviewed
CVE-2024-25389
was published
Mar 27, 2024
The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag...
High
Unreviewed
CVE-2024-23660
was published
Feb 8, 2024
Ethyca Fides Cryptographically Weak Generation of One-Time Codes for Identity Verification
High
CVE-2023-48224
was published
for
ethyca-fides
(pip)
Nov 16, 2023
An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate...
High
Unreviewed
CVE-2023-27791
was published
Oct 19, 2023
The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using...
High
Unreviewed
CVE-2022-26943
was published
Oct 19, 2023
The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6...
High
Unreviewed
CVE-2023-39910
was published
Aug 9, 2023
Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator.
High
Unreviewed
CVE-2023-32549
was published
Jun 6, 2023
Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm...
High
Unreviewed
CVE-2023-28395
was published
Mar 28, 2023
Passeo uses insecure random number generator
High
CVE-2022-23472
was published
for
Passeo
(pip)
Dec 6, 2022
profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can...
High
Unreviewed
CVE-2022-40769
was published
Sep 19, 2022
OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token...
High
Unreviewed
CVE-2022-33738
was published
Jul 7, 2022
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to...
High
Unreviewed
CVE-2022-20817
was published
Jun 16, 2022
Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the...
High
Unreviewed
CVE-2021-22948
was published
May 24, 2022
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.
High
Unreviewed
CVE-2021-37553
was published
May 24, 2022
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.
High
Unreviewed
CVE-2020-13784
was published
May 24, 2022
Use of Insufficiently Random Values in Apereo CAS
High
CVE-2019-10754
was published
for
org.apereo.cas:cas-server-core-services-api
(Maven)
May 24, 2022
Magento 2 Community Edition Weak PRNG
High
CVE-2019-7860
was published
for
magento/community-edition
(Composer)
May 24, 2022
Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver <...
High
Unreviewed
CVE-2019-5440
was published
May 24, 2022
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG
High
CVE-2019-11842
was published
for
matrix-sydent
(pip)
May 24, 2022
An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs...
High
Unreviewed
CVE-2017-17845
was published
May 14, 2022
** DISPUTED ** The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology...
High
Unreviewed
CVE-2017-9230
was published
May 14, 2022
The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an...
High
Unreviewed
CVE-2018-12454
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API