GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
458 advisories
Filter by severity
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK...
Moderate
Unreviewed
CVE-2024-0553
was published
Jan 16, 2024
PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption
Moderate
CVE-2023-52323
was published
for
pycryptodome
(pip)
Jan 5, 2024
CubeFS timing attack can leak user passwords
Moderate
CVE-2023-46739
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1...
Moderate
Unreviewed
CVE-2023-50979
was published
Dec 27, 2023
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM...
Moderate
Unreviewed
CVE-2023-41097
was published
Dec 21, 2023
Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This...
Moderate
Unreviewed
CVE-2023-6135
was published
Dec 19, 2023
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an...
Moderate
Unreviewed
CVE-2023-23584
was published
Dec 19, 2023
yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation
Low
CVE-2023-50708
was published
for
yiisoft/yii2-authclient
(Composer)
Dec 18, 2023
The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting...
Moderate
Unreviewed
CVE-2023-4421
was published
Dec 12, 2023
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant...
High
Unreviewed
CVE-2023-45287
was published
Dec 5, 2023
In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation...
Moderate
Unreviewed
CVE-2023-40090
was published
Dec 5, 2023
Marvin Attack: potential key recovery through timing sidechannels
Moderate
CVE-2023-49092
was published
for
rsa
(Rust)
Nov 28, 2023
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK...
High
Unreviewed
CVE-2023-5981
was published
Nov 28, 2023
UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message...
Moderate
Unreviewed
CVE-2023-47102
was published
Nov 13, 2023
In Media Projection, there is a possible way to determine whether an app is installed, without...
Moderate
Unreviewed
CVE-2023-21350
was published
Oct 30, 2023
In Window Manager, there is a possible way to determine whether an app is installed, without...
Low
Unreviewed
CVE-2023-21348
was published
Oct 30, 2023
In Game Manager Service, there is a possible way to determine whether an app is installed,...
Low
Unreviewed
CVE-2023-21345
was published
Oct 30, 2023
In Package Manager Service, there is a possible way to determine whether an app is installed,...
Moderate
Unreviewed
CVE-2023-21354
was published
Oct 30, 2023
In the Device Idle Controller, there is a possible way to determine whether an app is installed,...
Low
Unreviewed
CVE-2023-21346
was published
Oct 30, 2023
In Package Manager, there is a possible way to determine whether an app is installed, without...
Low
Unreviewed
CVE-2023-21349
was published
Oct 30, 2023
In Job Scheduler, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2023-21344
was published
Oct 30, 2023
In Input Method, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2023-21338
was published
Oct 30, 2023
In Text Services, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2023-21333
was published
Oct 30, 2023
In Text Services, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2023-21332
was published
Oct 30, 2023
In Settings, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2023-21335
was published
Oct 30, 2023
ProTip!
Advisories are also available from the
GraphQL API