Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

274 advisories

Loading
Magento LTS's guest order "protect code" can be brute-forced too easily High
CVE-2023-41879 was published for openmage/magento-lts (Composer) Sep 11, 2023
theroch fballiano
colinmollenhour
Credited to theroch, fballiano, and colinmollenhour
An authentication bypass vulnerability exists in the OAS Engine authentication functionality of... High Unreviewed
CVE-2023-34353 was published Sep 5, 2023
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass... Critical Unreviewed
CVE-2023-39979 was published Sep 2, 2023
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper... Critical Unreviewed
CVE-2023-4344 was published Aug 15, 2023
Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R... Moderate Unreviewed
CVE-2023-24478 was published Aug 15, 2023
Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation... Critical Unreviewed
CVE-2023-3373 was published Aug 4, 2023
Functions with insufficient randomness were used to generate authorization tokens of the... High Unreviewed
CVE-2023-26451 was published Aug 2, 2023
A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster... Low Unreviewed
CVE-2023-3803 was published Jul 21, 2023
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000... High Unreviewed
CVE-2023-20185 was published Jul 12, 2023
Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow... Moderate Unreviewed
CVE-2022-43485 was published Jul 6, 2023
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of... High Unreviewed
CVE-2023-1385 was published Jul 6, 2023
Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S,... Moderate Unreviewed
CVE-2022-26080 was published Jul 6, 2023
Use of insufficiently random values vulnerability in User Management Functionality in Synology... High Unreviewed
CVE-2023-2729 was published Jun 13, 2023
Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. An attacker... High Unreviewed
CVE-2023-1898 was published Jun 12, 2023
crypto-js uses insecure random numbers Moderate
CVE-2020-36732 was published for crypto-js (npm) Jun 12, 2023
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random... Critical Unreviewed
CVE-2023-2884 was published May 25, 2023
A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This... Low Unreviewed
CVE-2023-2418 was published Apr 29, 2023
Duplicate Advisory: Lemur subject to insecure random generation High
GHSA-r4xg-4wrv-w72h was published for lemur (pip) Apr 19, 2023 withdrawn
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers... High Unreviewed
CVE-2023-26855 was published Apr 4, 2023
Akuvox E11 contains a function that encrypts messages which are then forwarded. The IV vector and... High Unreviewed
CVE-2023-0343 was published Mar 31, 2023
This vulnerability allows network-adjacent attackers to bypass authentication on affected... High Unreviewed
CVE-2022-43636 was published Mar 29, 2023
Lemur subject to insecure random generation High
CVE-2023-30797 was published for lemur (pip) Mar 1, 2023
kjsman
Credited to kjsman
A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the... Moderate Unreviewed
CVE-2023-20016 was published Feb 23, 2023
KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs(Initial Sequence Number) for TCP... Critical Unreviewed
CVE-2022-43501 was published Feb 10, 2023
Rancher cattle-token is predictable High
CVE-2022-43755 was published for github.com/rancher/rancher (Go) Jan 25, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database