Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,679
Erlang
34
GitHub Actions
26
Go
2,268
Maven
5,000+
npm
3,923
NuGet
705
pip
3,686
Pub
12
RubyGems
916
Rust
944
Swift
38
Unreviewed advisories
All unreviewed
5,000+

124 advisories

Loading
Mojolicious versions from 7.28 through 9.39 for Perl may generate weak HMAC session secrets. ... Unknown Unreviewed
CVE-2024-58135 was published May 3, 2025
Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content Low
CVE-2025-46653 was published for formidable (npm) Apr 26, 2025
qwilr-altonius
Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs ... Critical Unreviewed
CVE-2025-3495 was published Apr 16, 2025
Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default... Moderate Unreviewed
CVE-2025-2814 was published Apr 13, 2025
In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation... Critical Unreviewed
CVE-2025-32755 was published Apr 10, 2025
In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image... Critical Unreviewed
CVE-2025-32754 was published Apr 10, 2025
WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of... Moderate Unreviewed
CVE-2024-52322 was published Apr 7, 2025
Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of... Moderate Unreviewed
CVE-2024-58036 was published Apr 7, 2025
Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values.  String::Random... Moderate Unreviewed
CVE-2024-57835 was published Apr 7, 2025
Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy,... Moderate Unreviewed
CVE-2024-57868 was published Apr 7, 2025
Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy,... Moderate Unreviewed
CVE-2024-56370 was published Apr 5, 2025
Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for... Moderate Unreviewed
CVE-2025-1805 was published Apr 2, 2025
Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy... Unknown Unreviewed
CVE-2025-1860 was published Mar 28, 2025
DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt... Moderate Unreviewed
CVE-2025-27552 was published Mar 26, 2025
DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt... Moderate Unreviewed
CVE-2025-27551 was published Mar 26, 2025
A use of a cryptographically weak pseudo-random number generator vulnerability in the... High Unreviewed
CVE-2021-26091 was published Mar 24, 2025
A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including... High Unreviewed
CVE-2025-1796 was published Mar 20, 2025
Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not... High Unreviewed
CVE-2025-1828 was published Mar 11, 2025
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN... Critical Unreviewed
CVE-2024-40762 was published Jan 9, 2025
Guzzle OAuth Subscriber has insufficient nonce entropy Moderate
CVE-2025-21617 was published for guzzlehttp/oauth-subscriber (Composer) Jan 6, 2025
psyker156
In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32... Critical Unreviewed
CVE-2025-22376 was published Jan 4, 2025
The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a... Moderate Unreviewed
CVE-2002-20002 was published Jan 2, 2025
The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong... Moderate Unreviewed
CVE-2024-56830 was published Jan 2, 2025
The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand()... High Unreviewed
CVE-2018-25107 was published Dec 29, 2024
Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the... Moderate Unreviewed
CVE-2024-53702 was published Dec 5, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database