Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

132 advisories

Loading
Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy,... Moderate Unreviewed
CVE-2024-56370 was published Apr 5, 2025
Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not... High Unreviewed
CVE-2025-1828 was published Mar 11, 2025
DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt... Moderate Unreviewed
CVE-2025-27552 was published Mar 26, 2025
DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt... Moderate Unreviewed
CVE-2025-27551 was published Mar 26, 2025
Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of... Moderate Unreviewed
CVE-2024-58036 was published Apr 7, 2025
Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy... High Unreviewed
CVE-2025-1860 was published Mar 28, 2025
Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default... Moderate Unreviewed
CVE-2025-2814 was published Apr 13, 2025
WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of... Moderate Unreviewed
CVE-2024-52322 was published Apr 7, 2025
Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy,... Moderate Unreviewed
CVE-2024-57868 was published Apr 7, 2025
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces... High Unreviewed
CVE-2025-40920 was published Aug 11, 2025
Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce... Moderate Unreviewed
CVE-2025-40918 was published Jul 16, 2025
Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The... Moderate Unreviewed
CVE-2025-40924 was published Jul 17, 2025
Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The... High Unreviewed
CVE-2025-40923 was published Jul 16, 2025
Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce... Moderate Unreviewed
CVE-2025-40919 was published Jul 16, 2025
Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation Critical
CVE-2024-29868 was published for org.apache.streampipes:streampipes-resource-management (Maven) Jun 24, 2024
oscerd
An issue was discovered in Object First 1.0.7.712. The authorization service has a flow that... Critical Unreviewed
CVE-2022-44796 was published Nov 7, 2022
Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for... Critical Unreviewed
CVE-2025-40916 was published Jun 16, 2025
Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF... High Unreviewed
CVE-2025-40915 was published Jun 11, 2025
Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content Low
CVE-2025-46653 was published for formidable (npm) Apr 26, 2025
qwilr-altonius diego-santacruz
The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient... High Unreviewed
CVE-2024-7315 was published Oct 2, 2024
D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random... Moderate Unreviewed
CVE-2022-42159 was published Oct 14, 2022
Mojolicious versions from 7.28 through 9.39 for Perl may generate weak HMAC session secrets. ... Moderate Unreviewed
CVE-2024-58135 was published May 3, 2025
An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs... High Unreviewed
CVE-2017-17845 was published May 14, 2022
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time... High Unreviewed
CVE-2016-10180 was published May 13, 2022
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not... High Unreviewed
CVE-2017-5493 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database