Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,342
Erlang
31
GitHub Actions
22
Go
2,106
Maven
5,000+
npm
3,764
NuGet
679
pip
3,451
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

29 advisories

Loading
Apache Cocoon vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator Low
CVE-2025-24783 was published for org.apache.cocoon:cocoon-forms-impl (Maven) Jan 27, 2025
ColPack 1.0.10 through 9a7293a has a predictable temporary file (located under /tmp with a name... Moderate Unreviewed
CVE-2024-55566 was published Dec 9, 2024
Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to... High Unreviewed
CVE-2021-34600 was published Jan 21, 2022
An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the... Unknown Unreviewed
CVE-2024-27632 was published Apr 9, 2024
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through... Critical Unreviewed
CVE-2024-36048 was published May 18, 2024
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time... High Unreviewed
CVE-2016-10180 was published May 13, 2022
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Secomea... High Unreviewed
CVE-2024-1579 was published Apr 29, 2024
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0. Critical Unreviewed
CVE-2012-1577 was published Apr 23, 2022
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. High Unreviewed
CVE-2020-13784 was published May 24, 2022
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random... Moderate Unreviewed
CVE-2018-12384 was published May 24, 2022
An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in... Critical Unreviewed
CVE-2020-10256 was published May 24, 2022
Cryptographic Issues in ECK High
CVE-2020-7010 was published for github.com/elastic/cloud-on-k8s (Go) Feb 15, 2022
Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number... Critical Unreviewed
CVE-2023-4472 was published Feb 2, 2024
Insecure PRNG use in random_password_generator High
CVE-2019-25061 was published for random_password_generator (RubyGems) May 19, 2022
Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric... Critical Unreviewed
CVE-2022-40267 was published Jan 20, 2023
A flaw in the previous versions of the product may allow an authenticated attacker the ability to... High Unreviewed
CVE-2021-42810 was published Jan 20, 2022
An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of... High Unreviewed
CVE-2018-12520 was published May 13, 2022
The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows... High Unreviewed
CVE-2017-5214 was published May 13, 2022
passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin... Critical Unreviewed
CVE-2017-11519 was published May 13, 2022
Insecure random number generation in keypair High
CVE-2021-41117 was published for keypair (npm) Oct 11, 2021
vcsjones
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG... Critical Unreviewed
CVE-2018-1426 was published May 13, 2022
In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang... Critical Unreviewed
CVE-2019-10908 was published May 13, 2022
Fastly Compute@Edge JS Runtime has fixed random number seed during compilation High
CVE-2022-39218 was published for @fastly/js-compute (npm) Sep 20, 2022
JakeChampion
A predictable seed vulnerability exists in the password reset functionality of Epignosis... High Unreviewed
CVE-2020-28597 was published May 24, 2022
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the... High Unreviewed
CVE-2020-11616 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database