GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
12 advisories
Filter by severity
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities
High
GHSA-xg9w-r469-m455
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
Magento LTS's guest order "protect code" can be brute-forced too easily
High
CVE-2023-41879
was published
for
openmage/magento-lts
(Composer)
Sep 11, 2023
Insufficient Entropy in PHPServerMon PRNG
Moderate
CVE-2021-4240
was published
for
phpservermon/phpservermon
(Composer)
Nov 16, 2022
PHPServerMon PRNG has Insufficient Entropy
Moderate
CVE-2021-4241
was published
for
phpservermon/phpservermon
(Composer)
Nov 16, 2022
LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0
High
CVE-2022-31157
was published
for
packbackbooks/lti-1-3-php-library
(Composer)
Jul 15, 2022
Magento 2 Community Edition Cryptographic Flaw
High
CVE-2019-7886
was published
for
magento/community-edition
(Composer)
May 24, 2022
Froxlor guessable password reset token
Critical
CVE-2016-5100
was published
for
froxlor/froxlor
(Composer)
May 17, 2022
TYPO3 is vulnerable to Insecure randomness in uniqid function
Moderate
CVE-2010-3666
was published
for
typo3/cms-install
(Composer)
Apr 21, 2022
Improper file handling in concrete5/core
High
CVE-2021-22968
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Use of Insufficiently Random Values in yiisoft/yii2-dev
High
CVE-2021-3689
was published
for
yiisoft/yii2-dev
(Composer)
Sep 1, 2021
Use of Cryptographically Weak Pseudo-Random Number Generator in yiisoft/yii2-dev
Moderate
CVE-2021-3692
was published
for
yiisoft/yii2-dev
(Composer)
Sep 1, 2021
Predictable CSRF tokens in centreon/centreon
Moderate
CVE-2021-28055
was published
for
centreon/centreon
(Composer)
Jun 8, 2021
ProTip!
Advisories are also available from the
GraphQL API