Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

63 advisories

Loading
Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs Critical
CVE-2026-42155 was published for openmage/magento-lts (Composer) May 5, 2026
0x0OZ Credited to 0x0OZ
form-data uses unsafe random function in form-data for choosing boundary Critical
CVE-2025-7783 was published for form-data (npm) Jul 21, 2025
benweissmann Credited to benweissmann and ljharb ljharb ljharb
@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys Critical
GHSA-84c3-j8r2-mcm8 was published for @nfid/embed (npm) Feb 26, 2024
agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate` Critical
CVE-2024-1631 was published for @dfinity/auth-client (npm) Feb 21, 2024
peterpeterparker Credited to peterpeterparker and krpeacock krpeacock krpeacock
In Contiki 4.5, TCP ISNs are improperly random. Critical Unreviewed
CVE-2020-27634 was published Oct 10, 2023
In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random. Critical Unreviewed
CVE-2020-27636 was published Oct 10, 2023
In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random. Critical Unreviewed
CVE-2020-27631 was published Oct 10, 2023
In FNET 4.6.3, TCP ISNs are improperly random. Critical Unreviewed
CVE-2020-27633 was published Oct 10, 2023
In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. Critical Unreviewed
CVE-2020-27630 was published Oct 10, 2023
In PicoTCP 1.7.0, TCP ISNs are improperly random. Critical Unreviewed
CVE-2020-27635 was published Oct 10, 2023
DNS NuGet package uses insufficiently random values Critical
CVE-2021-4248 was published for DNS (NuGet) Dec 18, 2022
ProTip! Advisories are also available from the GraphQL API