Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

458 advisories

Loading
Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401,... High Unreviewed
CVE-2024-39921 was published Sep 4, 2024
User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine... Moderate Unreviewed
CVE-2024-34336 was published Sep 12, 2024
Observable discrepancy in RAPL interface for some Intel(R) Processors may allow a privileged user... Moderate Unreviewed
CVE-2024-23984 was published Sep 16, 2024
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware... Moderate Unreviewed
CVE-2024-45678 was published Sep 3, 2024
Loway - CWE-204: Observable Response Discrepancy Moderate Unreviewed
CVE-2024-42343 was published Sep 8, 2024
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") Moderate
CVE-2024-30171 was published for BouncyCastle (Maven) May 14, 2024
levpachmanov
Matrix Tafnit v8 - CWE-204: Observable Response Discrepancy Moderate Unreviewed
CVE-2024-38431 was published Jul 30, 2024
UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message... Moderate Unreviewed
CVE-2023-47102 was published Nov 13, 2023
The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against... Moderate Unreviewed
CVE-2024-1543 was published Aug 30, 2024
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as... Moderate Unreviewed
CVE-2023-5992 was published Jan 31, 2024
Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a... Moderate Unreviewed
CVE-2024-1544 was published Aug 27, 2024
An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response... High Unreviewed
CVE-2022-45177 was published Feb 21, 2024
User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. Moderate Unreviewed
CVE-2023-22359 was published Jun 26, 2023
User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This... Moderate Unreviewed
CVE-2024-25651 was published Mar 14, 2024
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error... Moderate Unreviewed
CVE-2024-38322 was published Jun 29, 2024
By monitoring the time certain operations take, an attacker could have guessed which external... Moderate Unreviewed
CVE-2024-5690 was published Jun 11, 2024
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack High
CVE-2023-50782 was published for cryptography (pip) Feb 5, 2024
Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the... Moderate Unreviewed
CVE-2024-38465 was published Jun 16, 2024
ZITADEL "ignoring unknown usernames" vulnerability Moderate
CVE-2024-41952 was published for github.com/zitadel/zitadel (Go) Jul 31, 2024
livio-a
CubeFS timing attack can leak user passwords Moderate
CVE-2023-46739 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz
1Panel's password verification is suspected to have a timing attack vulnerability Low
CVE-2024-30257 was published for github.com/1Panel-dev/1Panel (Go) Apr 18, 2024
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions... Moderate Unreviewed
CVE-2024-36996 was published Jul 1, 2024
IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user... Low Unreviewed
CVE-2024-31870 was published Jun 15, 2024
In veilid-core in Veilid before 0.3.4, the protocol's ping function can be misused in a way that... Moderate Unreviewed
CVE-2024-41880 was published Jul 22, 2024
** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote... Moderate Unreviewed
CVE-2020-13998 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API