Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,782
Erlang
36
GitHub Actions
29
Go
2,346
Maven
5,000+
npm
3,976
NuGet
720
pip
3,772
Pub
12
RubyGems
923
Rust
980
Swift
38
Unreviewed advisories
All unreviewed
5,000+

127 advisories

Loading
RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed ... High Unreviewed
CVE-2024-25389 was published Mar 27, 2024
Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography. High Unreviewed
CVE-2024-34538 was published May 6, 2024
Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation Critical
CVE-2024-29868 was published for org.apache.streampipes:streampipes-resource-management (Maven) Jun 24, 2024
oscerd
Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to... High Unreviewed
CVE-2021-34600 was published Jan 21, 2022
go.uuid has Predictable UUID Identifiers Critical
CVE-2021-3538 was published for github.com/satori/go.uuid (Go) Feb 7, 2023
The goTenna Pro ATAK Plugin does not use SecureRandom when generating its cryptographic keys.... High Unreviewed
CVE-2024-45723 was published Sep 26, 2024
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG High
CVE-2019-11842 was published for matrix-sydent (pip) May 24, 2022
westonsteimel
The goTenna Pro series does not use SecureRandom when generating its cryptographic keys. The... High Unreviewed
CVE-2024-47126 was published Sep 26, 2024
Passeo uses insecure random number generator High
CVE-2022-23472 was published for Passeo (pip) Dec 6, 2022
Bluenix2 ArjunSharda
An issue ingalxe.com Galxe platform 1.0 allows a remote attacker to obtain sensitive information... Moderate Unreviewed
CVE-2023-50059 was published Apr 30, 2024
Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware)... Low Unreviewed
CVE-2023-31305 was published Aug 13, 2024
Withdrawn Advisory: go-mysql affected by go.uuid's Predictable UUID Identifiers Critical
GHSA-rc7v-65v6-m2v3 was published for github.com/go-mysql-org/go-mysql (Go) Oct 28, 2024 withdrawn
Fidget-Grep
An HTTP digest authentication nonce value was generated using `rand()` which could lead to... Moderate Unreviewed
CVE-2024-4772 was published May 14, 2024
tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand... Moderate Unreviewed
CVE-2024-45751 was published Sep 6, 2024
Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the... Moderate Unreviewed
CVE-2024-53702 was published Dec 5, 2024
The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand()... High Unreviewed
CVE-2018-25107 was published Dec 29, 2024
The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a... Moderate Unreviewed
CVE-2002-20002 was published Jan 2, 2025
Guzzle OAuth Subscriber has insufficient nonce entropy Moderate
CVE-2025-21617 was published for guzzlehttp/oauth-subscriber (Composer) Jan 6, 2025
psyker156
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN... Critical Unreviewed
CVE-2024-40762 was published Jan 9, 2025
In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32... Critical Unreviewed
CVE-2025-22376 was published Jan 4, 2025
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This ... Moderate Unreviewed
CVE-2023-45237 was published Jan 16, 2024
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This ... Moderate Unreviewed
CVE-2023-45236 was published Jan 16, 2024
Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not... High Unreviewed
CVE-2025-1828 was published Mar 11, 2025
A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including... High Unreviewed
CVE-2025-1796 was published Mar 20, 2025
A use of a cryptographically weak pseudo-random number generator vulnerability in the... High Unreviewed
CVE-2021-26091 was published Mar 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database