GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
14 advisories
Starch versions 0.14 and earlier generate session ids insecurely. The default session id...
Critical | Unreviewed | CVE-2025-40925 was published Sep 22, 2025

An issue was discovered in Object First 1.0.7.712. The authorization service has a flow that...
Critical | Unreviewed | CVE-2022-44796 was published Nov 7, 2022

Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for...
Critical | Unreviewed | CVE-2025-40916 was published Jun 16, 2025

Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs ...
Critical | Unreviewed | CVE-2025-3495 was published Apr 16, 2025

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image...
Critical | Unreviewed | CVE-2025-32754 was published Apr 10, 2025

In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation...
Critical | Unreviewed | CVE-2025-32755 was published Apr 10, 2025

An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A...
Critical | Unreviewed | CVE-2022-45782 was published Feb 2, 2023

In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32...
Critical | Unreviewed | CVE-2025-22376 was published Jan 4, 2025

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN...
Critical | Unreviewed | CVE-2024-40762 was published Jan 9, 2025

The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in...
Critical | Unreviewed | CVE-2023-36993 was published Jul 7, 2023

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with...
Critical | Unreviewed | CVE-2022-35255 was published Dec 6, 2022

It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates...
Critical | Unreviewed | CVE-2017-18021 was published May 14, 2022

In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset...
Critical | Unreviewed | CVE-2020-28642 was published May 24, 2022

PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart,...
Critical | Unreviewed | CVE-2011-4574 was published Apr 22, 2022