GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,605
Composer 4,714
Erlang 34
GitHub Actions 28
Go 2,297
Maven 5,575
npm 3,942
NuGet 708
pip 3,711
Pub 12
RubyGems 920
Rust 959
Swift 38

Unreviewed advisories

All unreviewed 256,644

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

46 advisories

Filter by severity

Sort by

Least recently updated

Mojolicious versions from 7.28 through 9.39 for Perl may generate weak HMAC session secrets. ... Moderate Unreviewed

CVE-2024-58135 was published May 3, 2025

Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default... Moderate Unreviewed

CVE-2025-2814 was published Apr 13, 2025

WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of... Moderate Unreviewed

CVE-2024-52322 was published Apr 7, 2025

Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of... Moderate Unreviewed

CVE-2024-58036 was published Apr 7, 2025

Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values. String::Random... Moderate Unreviewed

CVE-2024-57835 was published Apr 7, 2025

Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy,... Moderate Unreviewed

CVE-2024-57868 was published Apr 7, 2025

Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy,... Moderate Unreviewed

CVE-2024-56370 was published Apr 5, 2025

Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for... Moderate Unreviewed

CVE-2025-1805 was published Apr 2, 2025

DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt... Moderate Unreviewed

CVE-2025-27552 was published Mar 26, 2025

DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt... Moderate Unreviewed

CVE-2025-27551 was published Mar 26, 2025

Guzzle OAuth Subscriber has insufficient nonce entropy Moderate

CVE-2025-21617 was published for guzzlehttp/oauth-subscriber (Composer) Jan 6, 2025

The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a... Moderate Unreviewed

CVE-2002-20002 was published Jan 2, 2025

The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong... Moderate Unreviewed

CVE-2024-56830 was published Jan 2, 2025

Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the... Moderate Unreviewed

CVE-2024-53702 was published Dec 5, 2024

tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand... Moderate Unreviewed

CVE-2024-45751 was published Sep 6, 2024

stormpath/sdk uses Insecure Random Number Generator Moderate

GHSA-q8fc-v85f-78pw was published for stormpath/sdk (Composer) May 29, 2024

Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative... Moderate Unreviewed

CVE-2024-5264 was published May 23, 2024

An HTTP digest authentication nonce value was generated using `rand()` which could lead to... Moderate Unreviewed

CVE-2024-4772 was published May 14, 2024

An issue ingalxe.com Galxe platform 1.0 allows a remote attacker to obtain sensitive information... Moderate Unreviewed

CVE-2023-50059 was published Apr 30, 2024

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This ... Moderate Unreviewed

CVE-2023-45237 was published Jan 16, 2024

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This ... Moderate Unreviewed

CVE-2023-45236 was published Jan 16, 2024

An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle.... Moderate Unreviewed

CVE-2023-34363 was published Jun 9, 2023

Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183,... Moderate Unreviewed

CVE-2023-31290 was published Apr 27, 2023

D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random... Moderate Unreviewed

CVE-2022-42159 was published Oct 14, 2022

SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number... Moderate Unreviewed

CVE-2022-41210 was published Oct 12, 2022

Previous 1 2 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

46 advisories