Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

10 advisories

Loading
SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces Low
CVE-2013-4347 was published for oauth2 (pip) May 17, 2022
Pysaml2 improperly initializes encryption vector Moderate
CVE-2017-1000246 was published for pysaml2 (pip) Jul 16, 2018
zmthy
PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption High
CVE-2023-48056 was published for pypinksign (pip) Nov 16, 2023
pyrad is vulnerable to the use of Insufficiently Random Values Moderate
CVE-2013-0294 was published for pyrad (pip) May 5, 2022
pyftpdlib Use of Insufficiently Random Values of port selection on PASV command Moderate
CVE-2007-6738 was published for pyftpdlib (pip) May 1, 2022
Ansible uses a socket with predictable filename in /tmp Low
CVE-2013-4259 was published for Ansible (pip) May 14, 2022
Insufficiently random values in Ansible Moderate
CVE-2020-10729 was published for ansible (pip) Jun 15, 2021
Matrix Synapse Predictable Secret Key High
CVE-2019-5885 was published for matrix-synapse (pip) May 13, 2022
Duplicate Advisory: Lemur subject to insecure random generation High
GHSA-r4xg-4wrv-w72h was published for lemur (pip) Apr 19, 2023 withdrawn
Lemur subject to insecure random generation High
CVE-2023-30797 was published for lemur (pip) Mar 1, 2023
kjsman
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database