GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
158 advisories
Ado::Sessions versions through 0.935 for Perl generates insecure session ids.
The session id is...
Moderate
Unreviewed
CVE-2026-5083
was published
Apr 8, 2026
Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure...
Moderate
Unreviewed
CVE-2026-5082
was published
Apr 8, 2026
Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)
High
CVE-2026-25726
was published
for
github.com/cloudreve/Cloudreve/v4
(Go)
Mar 31, 2026
An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1...
Moderate
Unreviewed
CVE-2026-34871
was published
Apr 1, 2026
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random...
High
Unreviewed
CVE-2026-5087
was published
Mar 31, 2026
HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids.
...
Critical
Unreviewed
CVE-2026-3256
was published
Mar 28, 2026
Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security...
Critical
Unreviewed
CVE-2025-15604
was published
Mar 28, 2026
Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret...
Critical
Unreviewed
CVE-2025-15618
was published
Mar 31, 2026
The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the...
Moderate
Unreviewed
CVE-2009-3278
was published
May 2, 2022
The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag...
High
Unreviewed
CVE-2024-23660
was published
Feb 8, 2024
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random...
High
Unreviewed
CVE-2008-0166
was published
May 1, 2022
Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids...
Critical
Unreviewed
CVE-2025-40926
was published
Mar 5, 2026
Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id.
Apache...
Critical
Unreviewed
CVE-2025-40931
was published
Mar 5, 2026
Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator.
...
Critical
Unreviewed
CVE-2024-57854
was published
Mar 5, 2026
HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the...
Moderate
Unreviewed
CVE-2026-3255
was published
Feb 27, 2026
Apache::SessionX versions through 2.01 for Perl create insecure session id.
Apache::SessionX...
High
Unreviewed
CVE-2025-40932
was published
Feb 27, 2026
Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions....
Critical
Unreviewed
CVE-2024-58041
was published
Feb 24, 2026
Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The...
Critical
Unreviewed
CVE-2026-2439
was published
Feb 17, 2026
Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id...
Critical
Unreviewed
CVE-2025-15578
was published
Feb 17, 2026
WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy,...
High
Unreviewed
CVE-2025-40905
was published
Feb 13, 2026
Fiber has an insecure fallback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure
Critical
CVE-2025-66630
was published
for
github.com/gofiber/fiber/v2
(Go)
Feb 9, 2026
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces...
High
Unreviewed
CVE-2025-40920
was published
Aug 11, 2025
Use of a weak pseudo-random number generator, which may allow an attacker to read or inject...
High
Unreviewed
CVE-2025-26379
was published
Dec 22, 2025
Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values
Critical
CVE-2025-66565
was published
for
github.com/gofiber/utils
(Go)
Dec 8, 2025
In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as...
High
Unreviewed
CVE-2025-7394
was published
Jul 19, 2025