GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
90 advisories
Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand.
Secrets were generated...
High
Unreviewed
CVE-2026-46473
was published
May 21, 2026
Crypt::DSA versions before 1.20 for Perl generate seeds using rand.
Seeds were generated using...
Unknown
Unreviewed
CVE-2026-8700
was published
May 16, 2026
Trog::TOTP versions before 1.006 for Perl generate secrets using rand.
Secrets were generated...
High
Unreviewed
CVE-2026-46474
was published
May 15, 2026
Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently...
Moderate
Unreviewed
CVE-2025-14972
was published
May 15, 2026
CWE-331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an...
High
Unreviewed
CVE-2026-4827
was published
May 12, 2026
`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding...
Moderate
Unreviewed
CVE-2026-7210
was published
May 11, 2026
A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged...
High
Unreviewed
CVE-2026-2336
was published
Apr 16, 2026
libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted...
Low
Unreviewed
CVE-2026-41080
was published
Apr 16, 2026
In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy...
Moderate
Unreviewed
CVE-2026-2878
was published
Feb 25, 2026
An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of...
Moderate
Unreviewed
CVE-2025-0577
was published
Feb 18, 2026
The Micca KE700 system relies on a 6-bit portion of an identifier for authentication within...
Moderate
Unreviewed
CVE-2026-2541
was published
Feb 15, 2026
DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. ...
Low
Unreviewed
CVE-2025-7432
was published
Feb 9, 2026
Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the...
High
Unreviewed
CVE-2026-1814
was published
Feb 3, 2026
A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent...
High
Unreviewed
CVE-2025-13399
was published
Jan 29, 2026
Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID...
High
Unreviewed
CVE-2020-36925
was published
Jan 6, 2026
VPN Firewall developed by QNO Technology has an Insufficient Entropy vulnerability, allowing...
High
Unreviewed
CVE-2025-15387
was published
Dec 31, 2025
The Litmus platform uses JWT for authentication and authorization, but the secret being used for...
High
Unreviewed
CVE-2025-14261
was published
Dec 8, 2025
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore...
Moderate
Unreviewed
CVE-2025-32898
was published
Dec 5, 2025
On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens...
Low
Unreviewed
CVE-2025-62774
was published
Oct 22, 2025
Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption.
Critical
Unreviewed
CVE-2024-58040
was published
Sep 30, 2025
CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when...
High
Unreviewed
CVE-2025-50122
was published
Jul 11, 2025
Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of...
Moderate
Unreviewed
CVE-2024-58036
was published
Apr 7, 2025
WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of...
Moderate
Unreviewed
CVE-2024-52322
was published
Apr 7, 2025
Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy,...
Moderate
Unreviewed
CVE-2024-57868
was published
Apr 7, 2025
Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy,...
Moderate
Unreviewed
CVE-2024-56370
was published
Apr 5, 2025