Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

57 advisories

Loading
Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401,... High Unreviewed
CVE-2024-39921 was published Sep 4, 2024
Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when... High Unreviewed
CVE-2024-39830 was published Jul 3, 2024
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with... High Unreviewed
CVE-2024-37880 was published Jun 10, 2024
An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response... High Unreviewed
CVE-2022-45177 was published Feb 21, 2024
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability High
CVE-2023-51437 was published for org.apache.pulsar:pulsar-broker-auth-sasl (Maven) Feb 7, 2024
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack High
CVE-2023-50782 was published for cryptography (pip) Feb 5, 2024
A security vulnerability has been identified in the pkcs11-provider, which is associated with... High Unreviewed
CVE-2023-6258 was published Jan 30, 2024
Minerva timing attack on P-256 in python-ecdsa High
CVE-2024-23342 was published for ecdsa (pip) Jan 22, 2024
tomato42
Marvin Attack of RSA and RSAOAEP decryption in jsrsasign High
CVE-2024-21484 was published for jsrsasign (npm) Jan 19, 2024
tomato42
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant... High Unreviewed
CVE-2023-45287 was published Dec 5, 2023
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK... High Unreviewed
CVE-2023-5981 was published Nov 28, 2023
In InputMethod, there is a possible way to determine whether an app is installed, without query... High Unreviewed
CVE-2023-21337 was published Oct 30, 2023
In Slice, there is a possible disclosure of installed applications due to side channel... High Unreviewed
CVE-2023-21298 was published Oct 30, 2023
In Package Installer, there is a possible way to determine whether an app is installed, without... High Unreviewed
CVE-2023-21324 was published Oct 30, 2023
User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. This issue occurs during... High Unreviewed
CVE-2023-36127 was published Oct 11, 2023
NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated... High Unreviewed
CVE-2023-25529 was published Sep 20, 2023
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a... High Unreviewed
CVE-2023-33850 was published Aug 22, 2023
The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login... High Unreviewed
CVE-2023-3604 was published Aug 21, 2023
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping... High Unreviewed
CVE-2023-3640 was published Jul 24, 2023
IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based... High Unreviewed
CVE-2023-32342 was published May 31, 2023
An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). An Observable Response... High Unreviewed
CVE-2023-26071 was published Mar 28, 2023
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS.... High Unreviewed
CVE-2023-0361 was published Feb 15, 2023
Observable timing discrepancy in JOpenId High
CVE-2010-10006 was published for org.expressme:JOpenId (Maven) Jan 18, 2023
Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator High
CVE-2022-3143 was published for org.wildfly.security:wildfly-elytron (Maven) Jan 13, 2023
TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for... High Unreviewed
CVE-2022-4499 was published Jan 11, 2023
ProTip! Advisories are also available from the GraphQL API