Common Weakness Enumeration

CWE-330

Discouraged

Use of Insufficiently Random Values

Abstraction: Class · Status: Stable

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

445 vulnerabilities reference this CWE, most recent first.

GHSA-RC39-G977-687W

Vulnerability from github – Published: 2022-11-10 21:27 – Updated: 2022-11-10 21:27
VLAI
Summary
Use of unclaimed s3 bucket in tests and examples
Details

Impact

People who use some older NLP examples that reference the old S3 bucket.

Patches

The problem has been patched. Upgrade to snapshots for now. A release will be published later to address this due to the vulnerability mostly being examples and 1 class in the actual code base.

Workarounds

Download a word2vec google news vector from a new source using git lfs

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.deeplearning4j:platform-tests"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.0.0-M2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.deeplearning4j:dl4j-examples"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.0.0-M2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-36022"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330",
      "CWE-344"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-10T21:27:55Z",
    "nvd_published_at": "2022-11-10T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nPeople who use some older NLP examples that reference the old S3 bucket.\n\n### Patches\nThe problem has been patched. Upgrade to snapshots for now. A release will be published later to address this due to the  vulnerability mostly being examples and 1 class in the actual code base.\n\n### Workarounds\nDownload a word2vec google news vector from a new source using git lfs ",
  "id": "GHSA-rc39-g977-687w",
  "modified": "2022-11-10T21:27:55Z",
  "published": "2022-11-10T21:27:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/deeplearning4j/deeplearning4j/security/advisories/GHSA-rc39-g977-687w"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eclipse/deeplearning4j/security/advisories/GHSA-rc39-g977-687w"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36022"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/deeplearning4j/deeplearning4j"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mmihaltz/word2vec-GoogleNews-vectors"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Use of unclaimed s3 bucket in tests and examples"
}

GHSA-RGGJ-CC94-9FXQ

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-07-13 00:01
VLAI
Details

reNgine through 0.5 relies on a predictable directory name.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38606"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-12T16:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "reNgine through 0.5 relies on a predictable directory name.",
  "id": "GHSA-rggj-cc94-9fxq",
  "modified": "2022-07-13T00:01:35Z",
  "published": "2022-05-24T19:10:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38606"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yogeshojha/rengine/commit/158367a231335026b8dba633a76b44de290ad37c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RHR8-8XJ2-R4PC

Vulnerability from github – Published: 2022-06-25 00:00 – Updated: 2022-07-06 00:00
VLAI
Details

Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-29330"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330",
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-24T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors.",
  "id": "GHSA-rhr8-8xj2-r4pc",
  "modified": "2022-07-06T00:00:25Z",
  "published": "2022-06-25T00:00:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29330"
    },
    {
      "type": "WEB",
      "url": "https://www.arsouyes.org/blog/2022/2022-06-30-VitalPBX-0day"
    },
    {
      "type": "WEB",
      "url": "http://vitalpbx.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RJR4-V43M-PXQ6

Vulnerability from github – Published: 2026-01-21 22:52 – Updated: 2026-01-22 13:41
VLAI
Summary
Triton VM has a Soundness Vulnerability due to Improper Sampling of Randomness
Details

In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol.

Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness.

Protocols that rely on proofs and the supplied verifier of the affected versions of Triton VM are completely broken. Protocols implementing their own verifier might be unaffected.

The flaw was corrected in commit 3a045d63, where the relevant randomness is sampled correctly.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "triton-vm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.41.0"
            },
            {
              "fixed": "2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-21T22:52:56Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol.\n\nMalicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness.\n\nProtocols that rely on proofs and the supplied verifier of the affected versions of Triton VM are completely broken. Protocols implementing their own verifier might be unaffected.\n\nThe flaw was corrected in commit 3a045d63, where the relevant randomness is sampled correctly.",
  "id": "GHSA-rjr4-v43m-pxq6",
  "modified": "2026-01-22T13:41:48Z",
  "published": "2026-01-21T22:52:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/TritonVM/triton-vm/commit/3a045d636e97bb2eb628671db0001aa665c19dd8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/TritonVM/triton-vm"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TritonVM/triton-vm/releases/tag/v2.0.0"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2026-0004.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Triton VM has a Soundness Vulnerability due to Improper Sampling of Randomness"
}

GHSA-RMC5-W442-6F93

Vulnerability from github – Published: 2025-02-26 21:30 – Updated: 2025-03-05 15:30
VLAI
Details

SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data (insufficient entropy). This may allow attackers to decrypt intercepted communications between the mobile app and iSolarCloud.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50684"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T21:15:17Z",
    "severity": "MODERATE"
  },
  "details": "SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data (insufficient entropy). This may allow attackers to decrypt intercepted communications between the mobile app and iSolarCloud.",
  "id": "GHSA-rmc5-w442-6f93",
  "modified": "2025-03-05T15:30:50Z",
  "published": "2025-02-26T21:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50684"
    },
    {
      "type": "WEB",
      "url": "https://en.sungrowpower.com/security-notice-detail-2/6126"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RMGP-99FM-WV32

Vulnerability from github – Published: 2026-02-12 12:31 – Updated: 2026-02-12 18:30
VLAI
Details

When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the "registration number" using a proprietary XOR/transposition algorithm. Attackers with the knowledge of the registration numbers can connect to the MQTT server and impersonate the dongle / inverters.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-15574"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-12T11:15:49Z",
    "severity": "MODERATE"
  },
  "details": "When connecting to the Solax Cloud MQTT server the username is the \"registration number\", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the \"registration number\" using a proprietary XOR/transposition algorithm. Attackers with the knowledge of the registration numbers can connect to the MQTT server and impersonate the dongle / inverters.",
  "id": "GHSA-rmgp-99fm-wv32",
  "modified": "2026-02-12T18:30:23Z",
  "published": "2026-02-12T12:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15574"
    },
    {
      "type": "WEB",
      "url": "https://r.sec-consult.com/solax"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RQ8Q-W9HR-C2FR

Vulnerability from github – Published: 2023-08-02 15:30 – Updated: 2024-01-12 09:30
VLAI
Details

Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts could be compromised. The oAuth Authorization Service is not enabled by default. We have updated the implementation to use sources with sufficient randomness to generate authorization tokens. No publicly available exploits are known.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-26451"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-02T13:15:11Z",
    "severity": "HIGH"
  },
  "details": "Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts could be compromised. The oAuth Authorization Service is not enabled by default. We have updated the implementation to use sources with sufficient randomness to generate authorization tokens. No publicly available exploits are known.\n\n",
  "id": "GHSA-rq8q-w9hr-c2fr",
  "modified": "2024-01-12T09:30:28Z",
  "published": "2023-08-02T15:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26451"
    },
    {
      "type": "WEB",
      "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0003.json"
    },
    {
      "type": "WEB",
      "url": "https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json"
    },
    {
      "type": "WEB",
      "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/173943/OX-App-Suite-SSRF-SQL-Injection-Cross-Site-Scripting.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Aug/8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RV8H-P43R-4X5R

Vulnerability from github – Published: 2022-05-17 03:46 – Updated: 2024-10-07 21:06
VLAI
Summary
SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces
Details

The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "oauth2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9rc1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2013-4347"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-29T18:04:35Z",
    "nvd_published_at": "2014-05-20T14:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.",
  "id": "GHSA-rv8h-p43r-4x5r",
  "modified": "2024-10-07T21:06:35Z",
  "published": "2022-05-17T03:46:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4347"
    },
    {
      "type": "WEB",
      "url": "https://github.com/simplegeo/python-oauth2/issues/9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/simplegeo/python-oauth2/pull/146"
    },
    {
      "type": "WEB",
      "url": "https://github.com/joestump/python-oauth2/commit/82dd2cdd4954cd7b8983d5d64c0dfd9072bf4650"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2015:1591"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2015:1592"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2013-4347"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007758"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/joestump/python-oauth2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/oauth2/PYSEC-2014-86.yaml"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/09/12/7"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/62388"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces"
}

GHSA-RVW9-MM8Q-456Q

Vulnerability from github – Published: 2025-10-20 18:30 – Updated: 2025-10-20 18:30
VLAI
Details

The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses from the oatpp-mcp server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-6515"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-20T17:15:39Z",
    "severity": "MODERATE"
  },
  "details": "The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses from the oatpp-mcp server.",
  "id": "GHSA-rvw9-mm8q-456q",
  "modified": "2025-10-20T18:30:35Z",
  "published": "2025-10-20T18:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6515"
    },
    {
      "type": "WEB",
      "url": "https://research.jfrog.com/vulnerabilities/oatpp-mcp-prompt-hijacking-jfsa-2025-001494691"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V2MR-5M5H-XVCR

Vulnerability from github – Published: 2022-05-13 01:08 – Updated: 2022-05-13 01:08
VLAI
Details

Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-9863"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-27T14:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way.",
  "id": "GHSA-v2mr-5m5h-xvcr",
  "modified": "2022-05-13T01:08:21Z",
  "published": "2022-05-13T01:08:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9863"
    },
    {
      "type": "WEB",
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-034.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design
  • Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.
  • In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.
  • Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Mitigation
Implementation

Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.

Mitigation MIT-2
Architecture and Design Requirements

Strategy: Libraries or Frameworks

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").

CAPEC-112: Brute Force

In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.

CAPEC-485: Signature Spoofing by Key Recreation

An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

CAPEC-59: Session Credential Falsification through Prediction

This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.