Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

10 advisories

Loading
User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password... Critical Unreviewed
CVE-2023-40756 was published Aug 28, 2023
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it... Critical Unreviewed
CVE-2024-25189 was published Feb 8, 2024
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it... Critical Unreviewed
CVE-2024-25191 was published Feb 8, 2024
l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it... Critical Unreviewed
CVE-2024-25190 was published Feb 8, 2024
darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which... Critical Unreviewed
CVE-2024-23771 was published Jan 22, 2024
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable... Critical Unreviewed
CVE-2022-23303 was published Feb 15, 2022
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are... Critical Unreviewed
CVE-2022-23304 was published Feb 15, 2022
Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to... Critical Unreviewed
CVE-2018-1000884 was published May 13, 2022
Information disclosure through timing and power side-channels during mod exponentiation for RSA... Critical Unreviewed
CVE-2021-1924 was published May 24, 2022
In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could... Critical Unreviewed
CVE-2022-40895 was published Oct 6, 2022
ProTip! Advisories are also available from the GraphQL API