Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,690
Maven
5,000+
npm
4,320
NuGet
760
pip
4,096
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

66 advisories

Loading
gokey allows secret recovery from a seed file without the master password High
CVE-2025-13353 was published for github.com/cloudflare/gokey (Go) Dec 2, 2025
Discovery uses the same AES/GCM Nonce throughout the session Low
CVE-2024-23688 was published for tech.pegasys.discovery:discovery (Maven) Apr 6, 2021
asanso
Credited to asanso
Duplicate Advisory: Discovery uses the same AES/GCM Nonce throughout the session Moderate
GHSA-wp4m-7hpj-8qp8 was published for tech.pegasys.discovery:discovery (Maven) Jan 20, 2024 withdrawn
form-data uses unsafe random function in form-data for choosing boundary Critical
CVE-2025-7783 was published for form-data (npm) Jul 21, 2025
benweissmann ljharb
Credited to benweissmann and ljharb
Duplicate Advisory: Juju makes Use of Weak Credentials High
GHSA-phh4-3hmm-24rx was published for github.com/juju/juju (Go) Oct 2, 2024 withdrawn
Vantage6 Server JWT secret not cryptographically secure Low
CVE-2025-43866 was published for vantage6-server (pip) Jun 12, 2025
Use of Insufficiently Random Values in undici Moderate
CVE-2025-22150 was published for undici (npm) Jan 21, 2025
mcollina parrot409
Credited to mcollina and parrot409
crypto-js uses insecure random numbers Moderate
CVE-2020-36732 was published for crypto-js (npm) Jun 12, 2023
Insecure random string generator used for sensitive data High
CVE-2023-46740 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz
Credited to AdamKorcz
pyrad is vulnerable to the use of Insufficiently Random Values High
CVE-2013-0294 was published for pyrad (pip) May 5, 2022
pyftpdlib Use of Insufficiently Random Values of port selection on PASV command High
CVE-2007-6738 was published for pyftpdlib (pip) May 1, 2022
PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption High
CVE-2023-48056 was published for pypinksign (pip) Nov 16, 2023
Pysaml2 improperly initializes encryption vector Moderate
CVE-2017-1000246 was published for pysaml2 (pip) Jul 16, 2018
zmthy
Credited to zmthy
SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces Moderate
CVE-2013-4347 was published for oauth2 (pip) May 17, 2022
Lemur subject to insecure random generation High
CVE-2023-30797 was published for lemur (pip) Mar 1, 2023
kjsman
Credited to kjsman
Duplicate Advisory: Lemur subject to insecure random generation High
GHSA-r4xg-4wrv-w72h was published for lemur (pip) Apr 19, 2023 withdrawn
Matrix Synapse Predictable Secret Key High
CVE-2019-5885 was published for matrix-synapse (pip) May 13, 2022
Insufficiently random values in Ansible Moderate
CVE-2020-10729 was published for ansible (pip) Jun 15, 2021
Ansible uses a socket with predictable filename in /tmp Low
CVE-2013-4259 was published for Ansible (pip) May 14, 2022
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities High
GHSA-xg9w-r469-m455 was published for zendframework/zendframework (Composer) Jun 7, 2024
Froxlor guessable password reset token Critical
CVE-2016-5100 was published for froxlor/froxlor (Composer) May 17, 2022
@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys Critical
GHSA-84c3-j8r2-mcm8 was published for @nfid/embed (npm) Feb 26, 2024
agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate` Critical
CVE-2024-1631 was published for @dfinity/auth-client (npm) Feb 21, 2024
peterpeterparker krpeacock
Credited to peterpeterparker and krpeacock
Use of Insufficiently Random Values in github.com/greenpau/caddy-security Moderate
CVE-2024-21495 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Jetty Uses Predictable Session Identifiers Moderate
CVE-2006-6969 was published for org.eclipse.jetty:jetty-server (Maven) May 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database