Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,405
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,641
Pub
13
RubyGems
1,026
Rust
1,209
Swift
53
Unreviewed advisories
All unreviewed
5,000+

122 advisories

Loading
Auth0 Symfony SDK has Insufficient Entropy in Cookie Encryption High
GHSA-ghc5-95c2-vwcv was published for auth0/symfony (Composer) Apr 3, 2026
Auth0 WordPress Plugin has Insufficient Entropy in Cookie Encryption High
GHSA-vfpx-q664-h93m was published for auth0/wordpress (Composer) Apr 3, 2026
Auth0 laravel-auth0 SDK has Insufficient Entropy in Cookie Encryption High
GHSA-fmg6-246m-9g2v was published for auth0/login (Composer) Apr 3, 2026
Auth0 PHP SDK has Insufficient Entropy in Cookie Encryption High
CVE-2026-34236 was published for auth0/auth0-php (Composer) Apr 1, 2026
libcrux has All-Zero Key Generation Upon Catastrophic RNG Failure High
GHSA-434v-x5qv-pmh6 was published for libcrux-ed25519 (Rust) Mar 26, 2026
In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy... Moderate Unreviewed
CVE-2026-2878 was published Feb 25, 2026
An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of... Moderate Unreviewed
CVE-2025-0577 was published Feb 18, 2026
The Micca KE700 system relies on a 6-bit portion of an identifier for authentication within... Moderate Unreviewed
CVE-2026-2541 was published Feb 15, 2026
DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. ... Low Unreviewed
CVE-2025-7432 was published Feb 9, 2026
Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the... High Unreviewed
CVE-2026-1814 was published Feb 3, 2026
A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent... High Unreviewed
CVE-2025-13399 was published Jan 29, 2026
SM2-PKE has 32-bit Biased Nonce Vulnerability High
CVE-2026-22698 was published for sm2 (Rust) Jan 9, 2026
XlabAITeam Credited to XlabAITeam, keenanwgn, tl2cents, and A7um keenanwgn keenanwgn
tl2cents tl2cents A7um A7um
Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID... High Unreviewed
CVE-2020-36925 was published Jan 6, 2026
VPN Firewall developed by QNO Technology has a Insufficient Entropy vulnerability, allowing... High Unreviewed
CVE-2025-15387 was published Dec 31, 2025
The Litmus platform uses JWT for authentication and authorization, but the secret being used for... High Unreviewed
CVE-2025-14261 was published Dec 8, 2025
Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values Critical
CVE-2025-66565 was published for github.com/gofiber/utils (Go) Dec 8, 2025
sixcolors Credited to sixcolors
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore... Moderate Unreviewed
CVE-2025-32898 was published Dec 5, 2025
On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens... Low Unreviewed
CVE-2025-62774 was published Oct 22, 2025
Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption. Critical Unreviewed
CVE-2024-58040 was published Sep 30, 2025
TYPO3 CMS uses insufficient entropy when generating passwords Moderate
CVE-2025-59015 was published for typo3/cms-core (Composer) Sep 9, 2025
The Thinbus Javascript Secure Remote Password (SRP) Client Generates Fewer Bits of Entropy Than Intended Moderate
CVE-2025-54885 was published for thinbus-srp (npm) Aug 6, 2025
SvenSchindler Credited to SvenSchindler
CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when... High Unreviewed
CVE-2025-50122 was published Jul 11, 2025
WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of... Moderate Unreviewed
CVE-2024-52322 was published Apr 7, 2025
Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of... Moderate Unreviewed
CVE-2024-58036 was published Apr 7, 2025
Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy,... Moderate Unreviewed
CVE-2024-57868 was published Apr 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database