Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,299
Erlang
31
GitHub Actions
21
Go
2,065
Maven
5,000+
npm
3,744
NuGet
668
pip
3,426
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+

104 advisories

Loading
Improper random number generation in github.com/coredns/coredns Moderate
GHSA-gv9j-4w24-q7vx was published for github.com/coredns/coredns (Go) Mar 1, 2022
Predictable CSRF tokens in centreon/centreon Moderate
CVE-2021-28055 was published for centreon/centreon (Composer) Jun 8, 2021
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't... Moderate Unreviewed
CVE-2022-29035 was published Apr 12, 2022
SHA1 implementation in JetBrains Ktor Native before 2.0.1 was returning the same value Moderate Unreviewed
CVE-2022-29930 was published May 13, 2022
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's... Moderate Unreviewed
CVE-2018-1108 was published May 13, 2022
Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute... Moderate Unreviewed
CVE-2020-15023 was published May 24, 2022
Weak private key generation in SSH.NET Moderate
CVE-2022-29245 was published for SSH.NET (NuGet) Jun 1, 2022
yaumn-synacktiv
An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of... Moderate Unreviewed
CVE-2021-25444 was published May 24, 2022
Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows attacker... Moderate Unreviewed
CVE-2022-33707 was published Jul 13, 2022
totd before 1.5.3 does not properly randomize mesg IDs. Moderate Unreviewed
CVE-2022-34295 was published Jun 24, 2022
The password reset token in CWP v0.9.8.1126 is generated using known or predictable values. Moderate Unreviewed
CVE-2022-25047 was published Jul 8, 2022
In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random... Moderate Unreviewed
CVE-2015-9019 was published May 17, 2022
Spring Security uses insufficiently random values Moderate
CVE-2019-3795 was published for org.springframework.security:spring-security-core (Maven) Apr 16, 2019
A vulnerability, which was classified as problematic, has been found in fredsmith utils. This... Moderate Unreviewed
CVE-2021-4277 was published Dec 25, 2022
Use of unclaimed s3 bucket in tests and examples Moderate
CVE-2022-36022 was published for org.deeplearning4j:dl4j-examples (Maven) Nov 10, 2022
draco1725
A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1.... Moderate Unreviewed
CVE-2022-3959 was published Nov 11, 2022
ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used... Moderate Unreviewed
CVE-2022-38970 was published Sep 27, 2022
The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device... Moderate Unreviewed
CVE-2019-18282 was published May 24, 2022
The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in... Moderate Unreviewed
CVE-2020-7241 was published May 24, 2022
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2... Moderate Unreviewed
CVE-2020-1759 was published May 24, 2022
Ratpack's default client side session signing key is highly predictable Moderate
CVE-2021-29480 was published for io.ratpack:ratpack-session (Maven) Jul 1, 2021
JLLeitschuh
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of... Moderate Unreviewed
CVE-2020-13817 was published May 24, 2022
The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the... Moderate Unreviewed
CVE-2020-10274 was published May 24, 2022
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain... Moderate Unreviewed
CVE-2020-16166 was published May 24, 2022
In onPackageModified of VoiceInteractionManagerService.java, there is a possible change of... Moderate Unreviewed
CVE-2021-0375 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database