Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,780
Erlang
36
GitHub Actions
29
Go
2,338
Maven
5,000+
npm
3,973
NuGet
715
pip
3,769
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

428 advisories

Loading
A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco... Moderate Unreviewed
CVE-2020-3585 was published May 24, 2022
When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series... Moderate Unreviewed
CVE-2020-1685 was published May 24, 2022
SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management... Moderate Unreviewed
CVE-2020-5143 was published May 24, 2022
When converting coordinates from projective to affine, the modular inversion was not performed in... Moderate Unreviewed
CVE-2020-12400 was published May 24, 2022
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time... Moderate Unreviewed
CVE-2020-12401 was published May 24, 2022
Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth... Moderate Unreviewed
CVE-2020-25200 was published May 24, 2022
A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by... Moderate Unreviewed
CVE-2020-11683 was published May 24, 2022
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being... Moderate Unreviewed
CVE-2020-1968 was published May 24, 2022
Magento observable timing discrepancy vulnerability Moderate
CVE-2020-9690 was published for magento/community-edition (Composer) May 24, 2022
Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed... Moderate Unreviewed
CVE-2020-6531 was published May 24, 2022
During RSA key generation, bignum implementations used a variation of the Binary Extended... Moderate Unreviewed
CVE-2020-12402 was published May 24, 2022
NSS has shown timing differences when performing DSA signatures, which was exploitable and could... Moderate Unreviewed
CVE-2020-12399 was published May 24, 2022
The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an... Moderate Unreviewed
CVE-2020-14145 was published May 24, 2022
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the... Moderate Unreviewed
CVE-2020-14002 was published May 24, 2022
The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular... Moderate Unreviewed
CVE-2020-11735 was published May 24, 2022
** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote... Moderate Unreviewed
CVE-2020-13998 was published May 24, 2022
An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response... Moderate Unreviewed
CVE-2020-13413 was published May 24, 2022
wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing... Moderate Unreviewed
CVE-2020-11713 was published May 24, 2022
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the... Moderate Unreviewed
CVE-2019-5135 was published May 24, 2022
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example... Moderate Unreviewed
CVE-2020-7959 was published May 24, 2022
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote... Moderate Unreviewed
CVE-2020-6400 was published May 24, 2022
Non-constant time comparison of inbound TCP agent connection secret Moderate
CVE-2020-2101 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Non-constant time HMAC comparison Moderate
CVE-2020-2102 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1... Moderate Unreviewed
CVE-2019-18222 was published May 24, 2022
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185.... Moderate Unreviewed
CVE-2019-16516 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database