Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,722
Maven
5,000+
npm
4,330
NuGet
762
pip
4,107
Pub
12
RubyGems
959
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

139 advisories

Loading
Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values Critical
CVE-2025-66565 was published for github.com/gofiber/utils (Go) Dec 8, 2025
sixcolors
Credited to sixcolors
In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as... High Unreviewed
CVE-2025-7394 was published Jul 19, 2025
Apache Druid’s Kerberos authenticator uses a weak fallback secret Critical
CVE-2025-59390 was published for org.apache.druid:druid (Maven) Nov 26, 2025
A vulnerability was identified in the password generation algorithm when accessing the debug... High Unreviewed
CVE-2025-41731 was published Nov 10, 2025
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces... High Unreviewed
CVE-2025-40920 was published Aug 11, 2025
Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The... High Unreviewed
CVE-2025-40923 was published Jul 16, 2025
Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce... Moderate Unreviewed
CVE-2025-40918 was published Jul 16, 2025
RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed ... High Unreviewed
CVE-2024-25389 was published Mar 27, 2024
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This ... Moderate Unreviewed
CVE-2023-45237 was published Jan 16, 2024
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This ... Moderate Unreviewed
CVE-2023-45236 was published Jan 16, 2024
Mojolicious versions from 7.28 through 9.39 for Perl may generate weak HMAC session secrets. ... Moderate Unreviewed
CVE-2024-58135 was published May 3, 2025
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time... High Unreviewed
CVE-2014-2362 was published May 17, 2022
Starch versions 0.14 and earlier generate session ids insecurely. The default session id... Critical Unreviewed
CVE-2025-40925 was published Sep 22, 2025
Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids... High Unreviewed
CVE-2025-40933 was published Sep 17, 2025
Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy,... Moderate Unreviewed
CVE-2024-56370 was published Apr 5, 2025
Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of... Moderate Unreviewed
CVE-2024-58036 was published Apr 7, 2025
DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt... Moderate Unreviewed
CVE-2025-27551 was published Mar 26, 2025
DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt... Moderate Unreviewed
CVE-2025-27552 was published Mar 26, 2025
Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not... High Unreviewed
CVE-2025-1828 was published Mar 11, 2025
Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default... Moderate Unreviewed
CVE-2025-2814 was published Apr 13, 2025
WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of... Moderate Unreviewed
CVE-2024-52322 was published Apr 7, 2025
Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy,... Moderate Unreviewed
CVE-2024-57868 was published Apr 7, 2025
Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy... High Unreviewed
CVE-2025-1860 was published Mar 28, 2025
Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The... Moderate Unreviewed
CVE-2025-40924 was published Jul 17, 2025
Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce... Moderate Unreviewed
CVE-2025-40919 was published Jul 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database