GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 28,808
Composer 5,566
Erlang 49
GitHub Actions 49
Go 3,479
Maven 6,393
npm 5,718
NuGet 886
pip 4,740
Pub 13
RubyGems 1,031
Rust 1,225
Swift 53

Unreviewed advisories

All unreviewed 297,392

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

39 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is... Moderate Unreviewed

CVE-2026-5083 was published Apr 8, 2026

Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure... Moderate Unreviewed

CVE-2026-5082 was published Apr 8, 2026

An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1... Moderate Unreviewed

CVE-2026-34871 was published Apr 1, 2026

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the... Moderate Unreviewed

CVE-2009-3278 was published May 2, 2022

HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the... Moderate Unreviewed

CVE-2026-3255 was published Feb 27, 2026

Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce... Moderate Unreviewed

CVE-2025-40918 was published Jul 16, 2025

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This ... Moderate Unreviewed

CVE-2023-45237 was published Jan 16, 2024

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This ... Moderate Unreviewed

CVE-2023-45236 was published Jan 16, 2024

Mojolicious versions from 7.28 through 9.39 for Perl may generate weak HMAC session secrets. ... Moderate Unreviewed

CVE-2024-58135 was published May 3, 2025

Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy,... Moderate Unreviewed

CVE-2024-56370 was published Apr 5, 2025

Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of... Moderate Unreviewed

CVE-2024-58036 was published Apr 7, 2025

DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt... Moderate Unreviewed

CVE-2025-27551 was published Mar 26, 2025

DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt... Moderate Unreviewed

CVE-2025-27552 was published Mar 26, 2025

WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of... Moderate Unreviewed

CVE-2024-52322 was published Apr 7, 2025

Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy,... Moderate Unreviewed

CVE-2024-57868 was published Apr 7, 2025

Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand() function as the default... Moderate Unreviewed

CVE-2025-2814 was published Apr 13, 2025

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The... Moderate Unreviewed

CVE-2025-40924 was published Jul 17, 2025

Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce... Moderate Unreviewed

CVE-2025-40919 was published Jul 16, 2025

D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random... Moderate Unreviewed

CVE-2022-42159 was published Oct 14, 2022

The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong... Moderate Unreviewed

CVE-2024-56830 was published Jan 2, 2025

Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values. String::Random... Moderate Unreviewed

CVE-2024-57835 was published Apr 7, 2025

Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for... Moderate Unreviewed

CVE-2025-1805 was published Apr 2, 2025

The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a... Moderate Unreviewed

CVE-2002-20002 was published Jan 2, 2025

Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the... Moderate Unreviewed

CVE-2024-53702 was published Dec 5, 2024

tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand... Moderate Unreviewed

CVE-2024-45751 was published Sep 6, 2024

Previous12 Next

Previous 1 2 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

39 advisories