GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,656
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
77 advisories
Filter by severity
Denial of service attack via push rule patterns in matrix-synapse
Moderate
CVE-2021-29471
was published
for
matrix-synapse
(pip)
May 13, 2021
Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length
Moderate
CVE-2024-8796
was published
for
devise-two-factor
(RubyGems)
Sep 17, 2024
An insufficient entropy vulnerability caused by the improper use of a randomness function with...
Moderate
Unreviewed
CVE-2024-38270
was published
Sep 10, 2024
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper...
Critical
Unreviewed
CVE-2023-4344
was published
Aug 15, 2023
Openshift Console insufficient entropy vulnerability
High
CVE-2024-6508
was published
for
github.com/openshift/console
(Go)
Aug 21, 2024
Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex...
Critical
Unreviewed
CVE-2024-25730
was published
Feb 24, 2024
An issue was discovered in Samsung Mobile Processor, Automotive Processor, Wearable Processor,...
Moderate
Unreviewed
CVE-2023-49927
was published
Jun 5, 2024
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An...
Moderate
Unreviewed
CVE-2022-27221
was published
Jun 15, 2022
Unable to generate the correct character set
Critical
CVE-2024-36400
was published
for
nano-id
(Rust)
Jun 4, 2024
Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability
High
GHSA-848f-mph5-9pm9
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework1 Potential Insufficient Entropy Vulnerability
High
GHSA-8xhv-gqm4-3w99
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability
High
GHSA-mg4x-prh7-g4mx
was published
for
zendframework/zend-captcha
(Composer)
Jun 7, 2024
ZendFramework Information Disclosure and Insufficient Entropy vulnerability
Moderate
GHSA-2fhr-8r8r-qp56
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
nano-id reduced entropy due to inadequate character set usage
Critical
GHSA-2hfw-w739-p7x5
was published
for
nano-id
(Rust)
Jun 4, 2024
pubnub Insufficient Entropy vulnerability
Moderate
CVE-2023-26154
was published
for
Pubnub
(RubyGems)
Dec 6, 2023
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected
Critical
CVE-2021-4238
was published
for
github.com/Masterminds/goutils
(Go)
Dec 28, 2022
random_compat Uses insecure CSPRNG
Low
GHSA-3fmq-x9q6-wm39
was published
for
paragonie/random_compat
(Composer)
May 17, 2024
Insecure State Generation in laravel/socialite
Moderate
GHSA-h97c-qp24-439v
was published
for
laravel/socialite
(Composer)
May 15, 2024
FOSUserBundle Entropy is lost in the TokenGenerator
Moderate
GHSA-pjx8-984p-7p3x
was published
for
friendsofsymfony/user-bundle
(Composer)
May 15, 2024
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If...
Moderate
Unreviewed
CVE-2023-34973
was published
Aug 24, 2023
Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated,...
Moderate
Unreviewed
CVE-2023-38357
was published
Aug 1, 2023
?The affected TBox RTUs generate software security tokens using insufficient entropy. The random...
Moderate
Unreviewed
CVE-2023-36610
was published
Jul 3, 2023
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an...
Critical
Unreviewed
CVE-2023-3325
was published
Jun 20, 2023
Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness
Critical
Unreviewed
CVE-2013-2260
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API