
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

18 advisories

Insufficient Entropy in DotNetNuke High
CVE-2018-18326 was published for DotNetNuke.Core (NuGet) Jul 5, 2019
Insufficient Entropy in DotNetNuke High
CVE-2018-15812 was published for DotNetNuke.Core (NuGet) Jul 5, 2019
Pallets Werkzeug Insufficient Entropy High
CVE-2019-14806 was published for werkzeug (pip) Aug 21, 2019
Insecure Entropy Source - Math.random() in node-uuid High
CVE-2015-8851 was published for node-uuid (npm) Apr 16, 2020
Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone High
CVE-2020-28924 was published for github.com/rclone/rclone (Go) Jun 10, 2021
Lemur uses static IV per key High
CVE-2015-7764 was published for lemur (pip) May 13, 2022
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params High
CVE-2022-31034 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
Credited to crenshaw-dev, jgwest, AdamKorcz, and DavidKorczynski
Rancher cattle-token is predictable High
CVE-2022-43755 was published for github.com/rancher/rancher (Go) Jan 25, 2023
jose4j uses weak cryptographic algorithm High
CVE-2023-31582 was published for org.bitbucket.b_c:jose4j (Maven) Oct 25, 2023
Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability High
GHSA-mg4x-prh7-g4mx was published for zendframework/zend-captcha (Composer) Jun 7, 2024
ZendFramework1 Potential Insufficient Entropy Vulnerability High
GHSA-8xhv-gqm4-3w99 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability High
GHSA-848f-mph5-9pm9 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
SM2-PKE has 32-bit Biased Nonce Vulnerability High
CVE-2026-22698 was published for sm2 (Rust) Jan 9, 2026
Credited to XlabAITeam, keenanwgn, tl2cents, and A7um
libcrux has All-Zero Key Generation Upon Catastrophic RNG Failure High
GHSA-434v-x5qv-pmh6 was published for libcrux-ed25519 (Rust) Mar 26, 2026
Auth0 PHP SDK has Insufficient Entropy in Cookie Encryption High
CVE-2026-34236 was published for auth0/auth0-php (Composer) Apr 1, 2026
Auth0 laravel-auth0 SDK has Insufficient Entropy in Cookie Encryption High
GHSA-fmg6-246m-9g2v was published for auth0/login (Composer) Apr 3, 2026
Auth0 WordPress Plugin has Insufficient Entropy in Cookie Encryption High
GHSA-vfpx-q664-h93m was published for auth0/wordpress (Composer) Apr 3, 2026
Auth0 Symfony SDK has Insufficient Entropy in Cookie Encryption High
GHSA-ghc5-95c2-vwcv was published for auth0/symfony (Composer) Apr 3, 2026