Just looked it up, /dev/random produces output only if there is sufficient entropy in the entropy pool, /dev/urandom doesn't block (unblock random) if there is not sufficient entropy and keeps producing output. It is unlikely that a freshly seeded /dev/urandom will be pwnable but it is theoretically weak to certain attacks if there is not sufficient entropy, /dev/random on the other hand is not weak to these theoretical attacks because it blocks until there is sufficient entropy.