GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,968
Erlang: 39
GitHub Actions: 38
Go: 2,616
Maven: 5,000+
npm: 4,255
NuGet: 760
pip: 4,040
Pub: 12
RubyGems: 953
Rust: 1,050
Swift: 45
                  Unreviewed advisories
All unreviewed: 5,000+
            Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
      105 advisories
CVE-2025-40925 | Critical | Unreviewed | published Sep 22, 2025
  Starch versions 0.14 and earlier generate session ids insecurely. The default session id...

CVE-2025-40933 | High | Unreviewed | published Sep 17, 2025
  Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids...

CVE-2025-40920 | High | Unreviewed | published Aug 11, 2025
  Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces...

CVE-2025-40924 | Moderate | Unreviewed | published Jul 17, 2025
  Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The...

CVE-2025-40919 | Moderate | Unreviewed | published Jul 16, 2025
  Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce...

CVE-2025-40918 | Moderate | Unreviewed | published Jul 16, 2025
  Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce...

CVE-2025-40923 | High | Unreviewed | published Jul 16, 2025
  Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The...

CVE-2025-40916 | Critical | Unreviewed | published Jun 16, 2025
  Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for...

CVE-2025-40915 | High | Unreviewed | published Jun 11, 2025
  Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF...

CVE-2024-58135 | Moderate | Unreviewed | published May 3, 2025
  Mojolicious versions from 7.28 through 9.39 for Perl may generate weak HMAC session secrets. ...

CVE-2025-3495 | Critical | Unreviewed | published Apr 16, 2025
  Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs ...

CVE-2025-2814 | Moderate | Unreviewed | published Apr 13, 2025
  Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default...

CVE-2025-32754 | Critical | Unreviewed | published Apr 10, 2025
  In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image...

CVE-2025-32755 | Critical | Unreviewed | published Apr 10, 2025
  In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation...

CVE-2024-52322 | Moderate | Unreviewed | published Apr 7, 2025
  WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of...

CVE-2024-58036 | Moderate | Unreviewed | published Apr 7, 2025
  Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of...

CVE-2024-57835 | Moderate | Unreviewed | published Apr 7, 2025
  Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values. String::Random...

CVE-2024-57868 | Moderate | Unreviewed | published Apr 7, 2025
  Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy,...

CVE-2024-56370 | Moderate | Unreviewed | published Apr 5, 2025
  Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy,...

CVE-2025-1805 | Moderate | Unreviewed | published Apr 2, 2025
  Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for...

CVE-2025-1860 | High | Unreviewed | published Mar 28, 2025
  Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy...

CVE-2025-27552 | Moderate | Unreviewed | published Mar 26, 2025
  DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt...

CVE-2025-27551 | Moderate | Unreviewed | published Mar 26, 2025
  DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt...

CVE-2021-26091 | High | Unreviewed | published Mar 24, 2025
  A use of a cryptographically weak pseudo-random number generator vulnerability in the...

CVE-2025-1796 | High | Unreviewed | published Mar 20, 2025
  A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including...
ProTip! Advisories are also available from the GraphQL API.