GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
170 advisories
Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These...
High, Unreviewed. CVE-2026-9638 was published Jun 12, 2026

Weak Randomness / Insecure Cryptographic Primitive (CWE-338) in Get-RandomPassword in BOSH...
High, Unreviewed. CVE-2026-41858 was published Jun 4, 2026

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. ...
Critical, Unreviewed. CVE-2026-47372 was published May 21, 2026

Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. ...
Moderate, Unreviewed. CVE-2026-8503 was published May 15, 2026

Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys. ...
Unknown, Unreviewed. CVE-2026-6146 was published May 11, 2026

WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The...
Moderate, Unreviewed. CVE-2026-5084 was published May 11, 2026

Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The...
High, Unreviewed. CVE-2026-6659 was published May 8, 2026

Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs
Critical. CVE-2026-42155 was published for openmage/magento-lts (Composer) May 5, 2026

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The...
Moderate, Unreviewed. CVE-2026-5080 was published Apr 30, 2026

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and...
High, Unreviewed. CVE-2026-40514 was published Apr 27, 2026

Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for...
High, Unreviewed. CVE-2026-5088 was published Apr 15, 2026

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The...
Critical, Unreviewed. CVE-2026-5085 was published Apr 13, 2026

Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is...
Moderate, Unreviewed. CVE-2026-5083 was published Apr 8, 2026

Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure...
Moderate, Unreviewed. CVE-2026-5082 was published Apr 8, 2026

An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1...
Moderate, Unreviewed. CVE-2026-34871 was published Apr 1, 2026

Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)
High. CVE-2026-25726 was published for github.com/cloudreve/Cloudreve/v4 (Go) Mar 31, 2026

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random...
High, Unreviewed. CVE-2026-5087 was published Mar 31, 2026

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret...
Critical, Unreviewed. CVE-2025-15618 was published Mar 31, 2026

HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. ...
Critical, Unreviewed. CVE-2026-3256 was published Mar 28, 2026

Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security...
Critical, Unreviewed. CVE-2025-15604 was published Mar 28, 2026

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache...
Critical, Unreviewed. CVE-2025-40931 was published Mar 5, 2026

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. ...
Critical, Unreviewed. CVE-2024-57854 was published Mar 5, 2026

Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids...
Critical, Unreviewed. CVE-2025-40926 was published Mar 5, 2026

HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the...
Moderate, Unreviewed. CVE-2026-3255 was published Feb 27, 2026

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX...
High, Unreviewed. CVE-2025-40932 was published Feb 27, 2026