Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
33
GitHub Actions
22
Go
2,121
Maven
5,000+
npm
3,783
NuGet
683
pip
3,465
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

252 advisories

Loading
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs... Critical Unreviewed
CVE-2017-6026 was published May 13, 2022
Predictable password in Keycloak Critical
CVE-2020-1731 was published for org.keycloak:keycloak-core (Maven) Apr 15, 2020
Insufficient Entropy in Spring Security Moderate
CVE-2020-5408 was published for org.springframework.security:spring-security-core (Maven) Jun 15, 2020
Insufficient Nonce Validation in Eclipse Milo Client High
CVE-2019-19135 was published for org.eclipse.milo:sdk-client (Maven) Mar 16, 2020
Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x... Moderate Unreviewed
CVE-2015-3963 was published May 13, 2022
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the... High Unreviewed
CVE-2019-8919 was published May 13, 2022
Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm... Critical Unreviewed
CVE-2019-9863 was published May 13, 2022
Due to unencrypted signal communication and predictability of rolling codes, an attacker can ... High Unreviewed
CVE-2019-9860 was published May 13, 2022
An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric... Critical Unreviewed
CVE-2019-0729 was published May 13, 2022
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. Critical Unreviewed
CVE-2019-9898 was published May 13, 2022
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK)... Moderate Unreviewed
CVE-2017-13080 was published May 13, 2022
Weak JSON Web Token in yapi-vendor Moderate
CVE-2021-27884 was published for yapi-vendor (npm) Mar 26, 2021
Cryptographically weak CSRF tokens in Apache MyFaces High
CVE-2021-26296 was published for org.apache.myfaces.core:myfaces-core-module (Maven) Jun 16, 2021
The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary... Critical Unreviewed
CVE-2018-18602 was published May 13, 2022
Use of Cryptographically Weak Pseudo-Random Number Generator in yiisoft/yii2-dev Moderate
CVE-2021-3692 was published for yiisoft/yii2-dev (Composer) Sep 1, 2021
Use of Insufficiently Random Values in yiisoft/yii2-dev High
CVE-2021-3689 was published for yiisoft/yii2-dev (Composer) Sep 1, 2021
The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well... Critical Unreviewed
CVE-2019-0007 was published May 13, 2022
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology... Moderate Unreviewed
CVE-2018-13280 was published May 13, 2022
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared... Moderate Unreviewed
CVE-2018-1279 was published May 13, 2022
NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that... Critical Unreviewed
CVE-2018-17888 was published May 13, 2022
A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to... Moderate Unreviewed
CVE-2017-12361 was published May 13, 2022
A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen... Critical Unreviewed
CVE-2017-7902 was published May 13, 2022
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK)... Moderate Unreviewed
CVE-2017-13078 was published May 13, 2022
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL)... Moderate Unreviewed
CVE-2017-13084 was published May 13, 2022
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup ... Moderate Unreviewed
CVE-2017-13086 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database