GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 23,904
Composer 4,871
Erlang 37
GitHub Actions 36
Go 2,504
Maven 5,949
npm 4,149
NuGet 735
pip 3,949
Pub 12
RubyGems 945
Rust 1,025
Swift 39

Unreviewed advisories

All unreviewed 269,795

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

70 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when... High Unreviewed

CVE-2025-50122 was published Jul 11, 2025

Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of... Moderate Unreviewed

CVE-2024-58036 was published Apr 7, 2025

WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of... Moderate Unreviewed

CVE-2024-52322 was published Apr 7, 2025

Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy,... Moderate Unreviewed

CVE-2024-57868 was published Apr 7, 2025

Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy,... Moderate Unreviewed

CVE-2024-56370 was published Apr 5, 2025

Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy... High Unreviewed

CVE-2025-1860 was published Mar 28, 2025

DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt... Moderate Unreviewed

CVE-2025-27552 was published Mar 26, 2025

DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt... Moderate Unreviewed

CVE-2025-27551 was published Mar 26, 2025

Limited secret space in LLDP packets used in onos v2.7.0 allows attackers to obtain the private... High Unreviewed

CVE-2025-29311 was published Mar 24, 2025

The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they... Moderate Unreviewed

CVE-2024-9055 was published Mar 17, 2025

Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not... High Unreviewed

CVE-2025-1828 was published Mar 11, 2025

Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV... High Unreviewed

CVE-2024-53522 was published Jan 7, 2025

In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect... Moderate Unreviewed

CVE-2018-9426 was published Dec 3, 2024

A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature... Moderate Unreviewed

CVE-2024-20331 was published Oct 23, 2024

The devices are vulnerable to session hijacking due to insufficient entropy in its session ID... Critical Unreviewed

CVE-2024-47945 was published Oct 15, 2024

Eufy HomeBase 2 model T8010X v3.2.8.3h was discovered to use the deprecated wireless protocol... High Unreviewed

CVE-2023-37822 was published Oct 3, 2024

An insufficient entropy vulnerability caused by the improper use of a randomness function with... Moderate Unreviewed

CVE-2024-38270 was published Sep 10, 2024

An issue was discovered in Samsung Mobile Processor, Automotive Processor, Wearable Processor,... Moderate Unreviewed

CVE-2023-49927 was published Jun 5, 2024

Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from... Critical Unreviewed

CVE-2024-3411 was published Apr 30, 2024

Chilkat before v9.5.0.98, allows attackers to obtain sensitive information via predictable PRNG... Moderate Unreviewed

CVE-2024-26329 was published Apr 5, 2024

Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex... Critical Unreviewed

CVE-2024-25730 was published Feb 24, 2024

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure... Moderate Unreviewed

CVE-2024-22473 was published Feb 21, 2024

SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction... High Unreviewed

CVE-2024-25407 was published Feb 13, 2024

An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that... High Unreviewed

CVE-2023-46648 was published Dec 21, 2023

An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could... High Unreviewed

CVE-2023-31176 was published Nov 30, 2023

Previous1…3 Next

Previous 1 2 3 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

70 advisories