GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
274 advisories
A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (versions...
Moderate | Unreviewed | CVE-2021-27393 was published May 24, 2022
Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote...
Moderate | Unreviewed | CVE-2021-25375 was published May 24, 2022
Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing...
Moderate | Unreviewed | CVE-2021-26909 was published May 24, 2022
The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and...
Moderate | Unreviewed | CVE-2021-23020 was published May 24, 2022
Use of Insufficiently Random Values in Apereo CAS
High | CVE-2019-10754 was published for org.apereo.cas:cas-server-core-services-api (Maven) May 24, 2022
An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow...
High | Unreviewed | CVE-2021-26098 was published May 24, 2022
In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation...
High | Unreviewed | CVE-2022-29808 was published Aug 3, 2022
A vulnerability has been found in Morgawr Muon 0.1.1 and classified as problematic. Affected by...
High | Unreviewed | CVE-2019-25089 was published Dec 27, 2022
A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms...
Moderate | Unreviewed | CVE-2021-3446 was published May 24, 2022
An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers ...
Critical | Unreviewed | CVE-2020-35685 was published May 24, 2022
A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All...
Moderate | Unreviewed | CVE-2021-37186 was published May 24, 2022
Persistent platform private key may not be protected with a random IV leading to a potential “two...
High | Unreviewed | CVE-2021-26322 was published May 24, 2022
On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then...
High | Unreviewed | CVE-2021-22038 was published May 24, 2022
Fastly Compute@Edge JS Runtime has fixed random number seed during compilation
High | CVE-2022-39218 was published for @fastly/js-compute (npm) Sep 20, 2022
DNS NuGet package uses insufficiently random values
Critical | CVE-2021-4248 was published for DNS (NuGet) Dec 18, 2022
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed...
Moderate | Unreviewed | CVE-2021-41993 was published May 3, 2022
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed...
Moderate | Unreviewed | CVE-2021-41994 was published May 3, 2022
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x...
High | Unreviewed | CVE-2022-26071 was published May 6, 2022
Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are...
Critical | Unreviewed | CVE-2021-34646 was published May 24, 2022
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to...
High | Unreviewed | CVE-2013-6925 was published May 13, 2022
Predictable password in Keycloak
Critical | CVE-2020-1731 was published for org.keycloak:keycloak-core (Maven) Apr 15, 2020
Insufficient Entropy in Spring Security
Moderate | CVE-2020-5408 was published for org.springframework.security:spring-security-core (Maven) Jun 15, 2020
Insufficient Nonce Validation in Eclipse Milo Client
High | CVE-2019-19135 was published for org.eclipse.milo:sdk-client (Maven) Mar 16, 2020
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the...
High | Unreviewed | CVE-2019-8919 was published May 13, 2022
Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm...
Critical | Unreviewed | CVE-2019-9863 was published May 13, 2022