Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

311 advisories

Loading
RabbitMQ has predictable credential obfuscation seed value used in Shovel and Federation plugins Moderate
CVE-2022-31008 was published for rabbit_common (Erlang) Jun 30, 2026
Netty: QUIC stateless reset token material exposed through header-visible connection IDs Moderate
CVE-2026-50009 was published for io.netty:netty-codec-classes-quic (Maven) Jun 15, 2026
violetagg Credited to violetagg
Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port Moderate
CVE-2026-45673 was published for io.netty:netty-resolver-dns (Maven) Jun 8, 2026
violetagg Credited to violetagg
netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures Moderate
CVE-2026-41207 was published for io.netty.incubator:netty-incubator-codec-ohttp (Maven) May 26, 2026
ImageMagick: Information Disclosure in PasskeyEncipherImage via AES-CTR nonce reuse Low
GHSA-qv2q-c278-pch5 was published for Magick.NET-Q16-AnyCPU (NuGet) May 21, 2026
007bsd Credited to 007bsd and LuiginoC LuiginoC LuiginoC
Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs Critical
CVE-2026-42155 was published for openmage/magento-lts (Composer) May 5, 2026
0x0OZ Credited to 0x0OZ
Langchain-Chatchat Uses Insufficiently Random Values Low
CVE-2026-7847 was published for langchain-chatchat (pip) May 5, 2026
Spring Boot's random value property source uses a weak PRNG unsuitable for secrets Moderate
CVE-2026-40975 was published for org.springframework.boot:spring-boot-cassandra (Maven) Apr 28, 2026
DNN: Same HostGUID for all new installs Moderate
CVE-2026-40306 was published for DotNetNuke.Core (NuGet) Apr 10, 2026
meetmandeep Credited to meetmandeep, donker, and valadas donker donker
valadas valadas
Duplicate Advisory: OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter Moderate
GHSA-ch86-pxr9-j9h9 was published for openclaw (npm) Apr 3, 2026 withdrawn
openssl-encrypt has non-cryptographic PRNG used for steganography pixel selection Moderate
GHSA-vfgx-5q85-58q3 was published for openssl-encrypt (pip) Mar 31, 2026
Gradio has an Open Redirect in its OAuth Flow Moderate
CVE-2026-28415 was published for gradio (pip) Mar 1, 2026
logicx24 Credited to logicx24
Fleet: Device lock PIN can be predicted if lock time is known Moderate
CVE-2026-23999 was published for github.com/fleetdm/fleet/v4 (Go) Feb 26, 2026
prateek-0490 Credited to prateek-0490
ProTip! Advisories are also available from the GraphQL API