Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,946
Erlang
29
GitHub Actions
16
Go
1,734
Maven
4,963
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
779
Swift
34
Unreviewed advisories
All unreviewed
5,000+

240 advisories

A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All... High Unreviewed
CVE-2024-35292 was published Jun 11, 2024
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities High
GHSA-xg9w-r469-m455 was published for zendframework/zendframework (Composer) Jun 7, 2024
The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up... Moderate Unreviewed
CVE-2024-5149 was published Jun 5, 2024
MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication... Critical Unreviewed
CVE-2024-36389 was published Jun 2, 2024
Use of Insufficiently Random Values vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3,... Unknown Unreviewed
CVE-2024-28013 was published Mar 28, 2024
@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys Critical
GHSA-84c3-j8r2-mcm8 was published for @nfid/embed (npm) Feb 26, 2024
TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure... Moderate Unreviewed
CVE-2024-22473 was published Feb 21, 2024
agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate` Critical
CVE-2024-1631 was published for @dfinity/auth-client (npm) Feb 21, 2024
peterpeterparker krpeacock
Use of Insufficiently Random Values in github.com/greenpau/caddy-security Moderate
CVE-2024-21495 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all... High Unreviewed
CVE-2024-0761 was published Feb 6, 2024
Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session.... Moderate Unreviewed
CVE-2024-23688 was published Jan 20, 2024
Insecure random string generator used for sensitive data Moderate
CVE-2023-46740 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz
In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This... Moderate Unreviewed
CVE-2023-32831 was published Jan 2, 2024
A vulnerability classified as problematic has been found in Poly CCX 400, CCX 600, Trio 8800 and... Low Unreviewed
CVE-2023-4462 was published Dec 29, 2023
Henschen & Associates court document management software does not sufficiently randomize file... Moderate Unreviewed
CVE-2023-6376 was published Nov 30, 2023
PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption High
CVE-2023-48056 was published for pypinksign (pip) Nov 16, 2023
An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers ... High Unreviewed
CVE-2020-27213 was published Oct 10, 2023
In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random. Critical Unreviewed
CVE-2020-27636 was published Oct 10, 2023
In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. Critical Unreviewed
CVE-2020-27630 was published Oct 10, 2023
In Contiki 4.5, TCP ISNs are improperly random. Critical Unreviewed
CVE-2020-27634 was published Oct 10, 2023
In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random. Critical Unreviewed
CVE-2020-27631 was published Oct 10, 2023
In PicoTCP 1.7.0, TCP ISNs are improperly random. Critical Unreviewed
CVE-2020-27635 was published Oct 10, 2023
In FNET 4.6.3, TCP ISNs are improperly random. Critical Unreviewed
CVE-2020-27633 was published Oct 10, 2023
Magento LTS's guest order "protect code" can be brute-forced too easily High
CVE-2023-41879 was published for openmage/magento-lts (Composer) Sep 11, 2023
theroch fballiano
colinmollenhour
An authentication bypass vulnerability exists in the OAS Engine authentication functionality of... High Unreviewed
CVE-2023-34353 was published Sep 5, 2023
ProTip! Advisories are also available from the GraphQL API