GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
82 advisories
Filter by severity
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper...
Critical
Unreviewed
CVE-2023-4344
was published
Aug 15, 2023
Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated,...
Moderate
Unreviewed
CVE-2023-38357
was published
Aug 1, 2023
?The affected TBox RTUs generate software security tokens using insufficient entropy. The random...
Moderate
Unreviewed
CVE-2023-36610
was published
Jul 3, 2023
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an...
Critical
Unreviewed
CVE-2023-3325
was published
Jun 20, 2023
A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom...
High
Unreviewed
CVE-2023-20107
was published
Mar 23, 2023
Rancher cattle-token is predictable
High
CVE-2022-43755
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected
Critical
CVE-2021-4238
was published
for
github.com/Masterminds/goutils
(Go)
Dec 28, 2022
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC)...
Moderate
Unreviewed
CVE-2022-20941
was published
Nov 16, 2022
Insufficient Entropy in PHPServerMon PRNG
Moderate
CVE-2021-4240
was published
for
phpservermon/phpservermon
(Composer)
Nov 16, 2022
PHPServerMon PRNG has Insufficient Entropy
Moderate
CVE-2021-4241
was published
for
phpservermon/phpservermon
(Composer)
Nov 16, 2022
An insufficient entropy vulnerability caused by the improper use of randomness sources with low...
Moderate
Unreviewed
CVE-2022-34746
was published
Sep 21, 2022
Apache OpenOffice supports the storage of passwords for web connections in the user's...
High
Unreviewed
CVE-2022-37401
was published
Aug 16, 2022
dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot...
Moderate
Unreviewed
CVE-2022-33989
was published
Aug 16, 2022
websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation...
Critical
Unreviewed
CVE-2021-41615
was published
Aug 9, 2022
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,
...
High
Unreviewed
CVE-2020-29505
was published
Jul 12, 2022
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params
High
CVE-2022-31034
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic...
High
Unreviewed
CVE-2022-33756
was published
Jun 17, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An...
Moderate
Unreviewed
CVE-2022-27221
was published
Jun 15, 2022
Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness
Critical
Unreviewed
CVE-2013-2260
was published
May 24, 2022
The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the...
High
Unreviewed
CVE-2020-25926
was published
May 24, 2022
A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all...
Critical
Unreviewed
CVE-2021-22727
was published
May 24, 2022
Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce.
Critical
Unreviewed
CVE-2021-33027
was published
May 24, 2022
A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit...
Moderate
Unreviewed
CVE-2021-3505
was published
May 24, 2022
The authentication implementation on the xArm controller has very low entropy, making it...
High
Unreviewed
CVE-2020-10285
was published
May 24, 2022
The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before...
High
Unreviewed
CVE-2020-11957
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API