Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

427 advisories

Loading
A potential vulnerability in some AMD processors using frequency scaling may allow an... Moderate Unreviewed
CVE-2022-23823 was published Jun 16, 2022
A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid... Moderate Unreviewed
CVE-2021-41634 was published Jun 25, 2022
As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore)... Moderate Unreviewed
CVE-2022-32273 was published Jun 9, 2022
Potential speculative code store bypass in all supported CPU products, in conjunction with... Moderate Unreviewed
CVE-2021-26313 was published May 24, 2022
An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could... Moderate Unreviewed
CVE-2022-0823 was published Jun 10, 2022
When binding against a DN during authentication, the reply from 389-ds-base will be different... Moderate Unreviewed
CVE-2020-35518 was published May 24, 2022
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding... Moderate Unreviewed
CVE-2021-24119 was published May 24, 2022
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs... Moderate Unreviewed
CVE-2020-27170 was published May 24, 2022
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1... Moderate Unreviewed
CVE-2019-18222 was published May 24, 2022
Observable Discrepancy in Wildfly Elytron Moderate
CVE-2021-3642 was published for org.wildfly.security:wildfly-elytron (Maven) May 24, 2022
TYPO3 CMS vulnerable to User Enumeration via Response Timing Moderate
CVE-2022-36105 was published for typo3/cms (Composer) Sep 16, 2022
Vautia
Observable discrepancies in the login process allow an attacker to guess legitimate user names... Moderate Unreviewed
CVE-2021-45925 was published Oct 24, 2022
Observable Discrepancy in BouncyCastle Moderate
CVE-2017-13098 was published for org.bouncycastle:bcprov-jdk15on (Maven) May 13, 2022
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due... Moderate Unreviewed
CVE-2022-22356 was published Apr 6, 2022
In VpnManagerService, there is a possible disclosure of installed VPN packages due to side... Moderate Unreviewed
CVE-2021-39773 was published Mar 31, 2022
In TelecomManager, there is a possible way to check if a particular self managed phone account... Moderate Unreviewed
CVE-2021-39788 was published Mar 31, 2022
In Settings, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2021-39766 was published Mar 31, 2022
In WallpaperManagerService, there is a possible way to determine whether an app is installed,... Moderate Unreviewed
CVE-2021-39791 was published Mar 31, 2022
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without... Moderate Unreviewed
CVE-2021-39744 was published Mar 31, 2022
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without... Moderate Unreviewed
CVE-2021-39745 was published Mar 31, 2022
In AudioService, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2021-39760 was published Mar 31, 2022
In Media, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2021-39761 was published Mar 31, 2022
In DevicePolicyManager, there is a possible way to reveal the existence of an installed package... Moderate Unreviewed
CVE-2021-39755 was published Mar 31, 2022
In ContextImpl, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2021-39754 was published Mar 31, 2022
In Framework, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2021-39756 was published Mar 31, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database