Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,331
Erlang
31
GitHub Actions
21
Go
2,093
Maven
5,000+
npm
3,756
NuGet
678
pip
3,443
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

85 advisories

Loading
Due to unencrypted signal communication and predictability of rolling codes, an attacker can ... High Unreviewed
CVE-2019-9860 was published May 13, 2022
Cryptographically weak CSRF tokens in Apache MyFaces High
CVE-2021-26296 was published for org.apache.myfaces.core:myfaces-core-module (Maven) Jun 16, 2021
Use of Insufficiently Random Values in yiisoft/yii2-dev High
CVE-2021-3689 was published for yiisoft/yii2-dev (Composer) Sep 1, 2021
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the... High Unreviewed
CVE-2017-13082 was published May 13, 2022
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380... High Unreviewed
CVE-2017-15654 was published May 13, 2022
wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be... High Unreviewed
CVE-2017-17091 was published May 13, 2022
A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569... High Unreviewed
CVE-2017-17704 was published May 13, 2022
POSIM EVO 15.13 for Windows includes an "Emergency Override" administrative account that may be... High Unreviewed
CVE-2018-15807 was published May 13, 2022
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0. High Unreviewed
CVE-2018-20025 was published May 14, 2022
In random_get_bytes of random.c, there is a possible degradation of randomness due to an insecure... High Unreviewed
CVE-2019-1997 was published May 14, 2022
The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum... High Unreviewed
CVE-2018-17987 was published May 14, 2022
Predictable SIF UUID Identifiers in github.com/sylabs/sif High
CVE-2021-29499 was published for github.com/sylabs/sif (Go) May 18, 2021
Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide... High Unreviewed
CVE-2022-30782 was published May 17, 2022
PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote... High Unreviewed
CVE-2017-10874 was published May 17, 2022
Rancher cattle-token is predictable High
CVE-2022-43755 was published for github.com/rancher/rancher (Go) Jan 25, 2023
Akuvox E11 contains a function that encrypts messages which are then forwarded. The IV vector and... High Unreviewed
CVE-2023-0343 was published Mar 31, 2023
This vulnerability allows network-adjacent attackers to bypass authentication on affected... High Unreviewed
CVE-2022-43636 was published Mar 29, 2023
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers... High Unreviewed
CVE-2023-26855 was published Apr 4, 2023
Insecure PRNG use in random_password_generator High
CVE-2019-25061 was published for random_password_generator (RubyGems) May 19, 2022
Improper file handling in concrete5/core High
CVE-2021-22968 was published for concrete5/core (Composer) Nov 23, 2021
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517,... High Unreviewed
CVE-2021-26726 was published Feb 17, 2022
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user... High Unreviewed
CVE-2021-24998 was published Dec 28, 2021
LibreOffice supports the storage of passwords for web connections in the user’s configuration... High Unreviewed
CVE-2022-26306 was published Jul 26, 2022
Use of Hard-coded Credentials in Apache Kylin High
CVE-2021-45458 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params High
CVE-2022-31034 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
crenshaw-dev jgwest
AdamKorcz DavidKorczynski
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database