GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
90 advisories
`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding...
Moderate
Unreviewed
CVE-2026-7210 was published May 11, 2026
A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon...
Moderate
Unreviewed
CVE-2017-6030 was published May 13, 2022
Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated...
High
Unreviewed
CVE-2026-46473 was published May 21, 2026
Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated...
High
Unreviewed
CVE-2026-46474 was published May 15, 2026
Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using...
Unknown
Unreviewed
CVE-2026-8700 was published May 16, 2026
* Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently...
Moderate
Unreviewed
CVE-2025-14972 was published May 15, 2026
CWE-331 Insufficient Entropy vulnerability exists that could lead to unauthorized access when an...
High
Unreviewed
CVE-2026-4827 was published May 12, 2026
libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted...
Low
Unreviewed
CVE-2026-41080 was published Apr 16, 2026
A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged...
High
Unreviewed
CVE-2026-2336 was published Apr 16, 2026
TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure...
Moderate
Unreviewed
CVE-2024-22473 was published Feb 21, 2024
ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses...
High
Unreviewed
CVE-2001-0950 was published Apr 30, 2022
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit...
High
Unreviewed
CVE-2008-2108 was published May 1, 2022
A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent...
High
Unreviewed
CVE-2025-13399 was published Jan 29, 2026
In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy...
Moderate
Unreviewed
CVE-2026-2878 was published Feb 25, 2026
An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of...
Moderate
Unreviewed
CVE-2025-0577 was published Feb 18, 2026
The Micca KE700 system relies on a 6-bit portion of an identifier for authentication within...
Moderate
Unreviewed
CVE-2026-2541 was published Feb 15, 2026
DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. ...
Low
Unreviewed
CVE-2025-7432 was published Feb 9, 2026
Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the...
High
Unreviewed
CVE-2026-1814 was published Feb 3, 2026
Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID...
High
Unreviewed
CVE-2020-36925 was published Jan 6, 2026
VPN Firewall developed by QNO Technology has an Insufficient Entropy vulnerability, allowing...
High
Unreviewed
CVE-2025-15387 was published Dec 31, 2025
The Litmus platform uses JWT for authentication and authorization, but the secret being used for...
High
Unreviewed
CVE-2025-14261 was published Dec 8, 2025
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore...
Moderate
Unreviewed
CVE-2025-32898 was published Dec 5, 2025
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper...
Critical
Unreviewed
CVE-2023-4344 was published Aug 15, 2023
The devices are vulnerable to session hijacking due to insufficient entropy in its session ID...
Critical
Unreviewed
CVE-2024-47945 was published Oct 15, 2024
CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when...
High
Unreviewed
CVE-2025-50122 was published Jul 11, 2025
ProTip! Advisories are also available from the GraphQL API.