A quantum random-number generator (QRNG) can theoretically generate unpredictable random numbers with perfect devices and is an ideal and secure source of random numbers for cryptography. However, the practical implementations always contain imperfections, which will greatly influence the randomness of the final output and even open loopholes to eavesdroppers. Recently, Thewes et al. experimentally demonstrated a continuous-variable eavesdropping attack, based on heterodyne detection, on a trusted continuous-variable QRNG in Phys. Rev. A 100, 052318 (2019), yet like in many other practical continuous-variable QRNG studies, they always supposed the local oscillator was stable and ignored its fluctuation which might lead to security threats such as wavelength attack. In this work, based on the theory of the conditional min-entropy, imperfections of the practical security of continuous-variable QRNGs are systematically analyzed, especially the local oscillator fluctuation under imbalanced homodyne detection. Experiments of a practical QRNG based on vacuum fluctuation are demonstrated to show the influence of local oscillator fluctuation on the total measurement noise variances and the practical conditional min-entropy with beam splitters of different transmittances. Moreover, a local oscillator monitoring method is proposed for the practical continuous-variable QRNG, which can be used to calibrate the practical conditional min-entropy.