Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,476
Erlang
33
GitHub Actions
24
Go
2,203
Maven
5,000+
npm
3,852
NuGet
696
pip
3,637
Pub
12
RubyGems
911
Rust
913
Swift
38
Unreviewed advisories
All unreviewed
5,000+

109 advisories

Loading
DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt... Moderate Unreviewed
CVE-2025-27551 was published Mar 26, 2025
DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt... Moderate Unreviewed
CVE-2025-27552 was published Mar 26, 2025
A use of a cryptographically weak pseudo-random number generator vulnerability in the... High Unreviewed
CVE-2021-26091 was published Mar 24, 2025
A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including... High Unreviewed
CVE-2025-1796 was published Mar 20, 2025
Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not... High Unreviewed
CVE-2025-1828 was published Mar 11, 2025
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This ... Moderate Unreviewed
CVE-2023-45236 was published Jan 16, 2024
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This ... Moderate Unreviewed
CVE-2023-45237 was published Jan 16, 2024
In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32... Critical Unreviewed
CVE-2025-22376 was published Jan 4, 2025
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN... Critical Unreviewed
CVE-2024-40762 was published Jan 9, 2025
Guzzle OAuth Subscriber has insufficient nonce entropy Moderate
CVE-2025-21617 was published for guzzlehttp/oauth-subscriber (Composer) Jan 6, 2025
psyker156
The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a... Moderate Unreviewed
CVE-2002-20002 was published Jan 2, 2025
The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong... Moderate Unreviewed
CVE-2024-56830 was published Jan 2, 2025
The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand()... High Unreviewed
CVE-2018-25107 was published Dec 29, 2024
Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the... Moderate Unreviewed
CVE-2024-53702 was published Dec 5, 2024
tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand... Moderate Unreviewed
CVE-2024-45751 was published Sep 6, 2024
An HTTP digest authentication nonce value was generated using `rand()` which could lead to... Moderate Unreviewed
CVE-2024-4772 was published May 14, 2024
Withdrawn Advisory: go-mysql affected by go.uuid's Predictable UUID Identifiers Critical
GHSA-rc7v-65v6-m2v3 was published for github.com/go-mysql-org/go-mysql (Go) Oct 28, 2024 withdrawn
Fidget-Grep
Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware)... Low Unreviewed
CVE-2023-31305 was published Aug 13, 2024
An issue ingalxe.com Galxe platform 1.0 allows a remote attacker to obtain sensitive information... Moderate Unreviewed
CVE-2023-50059 was published Apr 30, 2024
Passeo uses insecure random number generator High
CVE-2022-23472 was published for Passeo (pip) Dec 6, 2022
Bluenix2 ArjunSharda
The goTenna Pro series does not use SecureRandom when generating its cryptographic keys. The... High Unreviewed
CVE-2024-47126 was published Sep 26, 2024
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG High
CVE-2019-11842 was published for matrix-sydent (pip) May 24, 2022
westonsteimel
The goTenna Pro ATAK Plugin does not use SecureRandom when generating its cryptographic keys.... High Unreviewed
CVE-2024-45723 was published Sep 26, 2024
go.uuid has Predictable UUID Identifiers Critical
CVE-2021-3538 was published for github.com/satori/go.uuid (Go) Feb 7, 2023
Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to... High Unreviewed
CVE-2021-34600 was published Jan 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database