GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
28 advisories
Filter by severity
Insecure Entropy Source - Math.random() in node-uuid
High
CVE-2015-8851
was published
for
node-uuid
(npm)
Apr 16, 2020
Insufficient Entropy in parsel
Critical
GHSA-vjvw-wcmw-pr26
was published
for
parsel
(npm)
Sep 4, 2020
Insufficient Entropy in DotNetNuke
High
CVE-2018-18326
was published
for
DotNetNuke.Core
(NuGet)
Jul 5, 2019
Insufficient Entropy in DotNetNuke
High
CVE-2018-15812
was published
for
DotNetNuke.Core
(NuGet)
Jul 5, 2019
Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone
High
CVE-2020-28924
was published
for
github.com/rclone/rclone
(Go)
Jun 10, 2021
Rancher cattle-token is predictable
High
CVE-2022-43755
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
PHPServerMon PRNG has Insufficient Entropy
Moderate
CVE-2021-4241
was published
for
phpservermon/phpservermon
(Composer)
Nov 16, 2022
Insufficient Entropy in PHPServerMon PRNG
Moderate
CVE-2021-4240
was published
for
phpservermon/phpservermon
(Composer)
Nov 16, 2022
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params
High
CVE-2022-31034
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
jose4j uses weak cryptographic algorithm
High
CVE-2023-31582
was published
for
org.bitbucket.b_c:jose4j
(Maven)
Oct 25, 2023
Insufficient Entropy in cryptiles
Critical
CVE-2018-1000620
was published
for
cryptiles
(npm)
Sep 11, 2018
WWBN AVideo Insufficient Entropy vulnerbaility
Critical
CVE-2023-49599
was published
for
wwbn/avideo
(Composer)
Jan 10, 2024
FOSUserBundle Entropy is lost in the TokenGenerator
Moderate
GHSA-pjx8-984p-7p3x
was published
for
friendsofsymfony/user-bundle
(Composer)
May 15, 2024
Insecure State Generation in laravel/socialite
Moderate
GHSA-h97c-qp24-439v
was published
for
laravel/socialite
(Composer)
May 15, 2024
random_compat Uses insecure CSPRNG
Low
GHSA-3fmq-x9q6-wm39
was published
for
paragonie/random_compat
(Composer)
May 17, 2024
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected
Critical
CVE-2021-4238
was published
for
github.com/Masterminds/goutils
(Go)
Dec 28, 2022
pubnub Insufficient Entropy vulnerability
Moderate
CVE-2023-26154
was published
for
Pubnub
(RubyGems)
Dec 6, 2023
nano-id reduced entropy due to inadequate character set usage
Critical
GHSA-2hfw-w739-p7x5
was published
for
nano-id
(Rust)
Jun 4, 2024
ZendFramework Information Disclosure and Insufficient Entropy vulnerability
Moderate
GHSA-2fhr-8r8r-qp56
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability
High
GHSA-mg4x-prh7-g4mx
was published
for
zendframework/zend-captcha
(Composer)
Jun 7, 2024
ZendFramework1 Potential Insufficient Entropy Vulnerability
High
GHSA-8xhv-gqm4-3w99
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability
High
GHSA-848f-mph5-9pm9
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Unable to generate the correct character set
Critical
CVE-2024-36400
was published
for
nano-id
(Rust)
Jun 4, 2024
Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length
Moderate
CVE-2024-8796
was published
for
devise-two-factor
(RubyGems)
Sep 17, 2024
ProTip!
Advisories are also available from the
GraphQL API