GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
596 advisories
The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client...
Moderate, Unreviewed, CVE-2000-1117 was published Apr 30, 2022

AmTote International homebet program returns different error messages when invalid account...
Moderate, Unreviewed, CVE-2001-1528 was published Apr 30, 2022

iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "...
Low, Unreviewed, CVE-2001-1387 was published Apr 30, 2022

One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine...
Moderate, Unreviewed, CVE-2001-1483 was published Apr 30, 2022

PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in...
Moderate, Unreviewed, CVE-2002-0208 was published Apr 30, 2022

PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows...
Moderate, Unreviewed, CVE-2002-0514 was published Apr 30, 2022

IPFilter 3.4.25 and earlier sets a different TTL when a port is being filtered than when it is...
Moderate, Unreviewed, CVE-2002-0515 was published Apr 30, 2022

Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root...
Moderate, Unreviewed, CVE-2002-2094 was published Apr 30, 2022

AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if...
Moderate, Unreviewed, CVE-2004-0243 was published Apr 29, 2022

YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it...
Moderate, Unreviewed, CVE-2004-0294 was published Apr 29, 2022

CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the...
Moderate, Unreviewed, CVE-2004-0778 was published Apr 29, 2022

The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) generates different error...
High, Unreviewed, CVE-2005-1650 was published May 1, 2022

During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered...
Moderate, Unreviewed, CVE-2025-0361 was published Apr 8, 2025

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow...
High, Unreviewed, CVE-2024-13939 was published Mar 28, 2025

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly...
Moderate, Unreviewed, CVE-2016-2178 was published May 13, 2022

A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping...
High, Unreviewed, CVE-2023-3640 was published Jul 24, 2023

Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread...
Moderate, Unreviewed, CVE-2022-45416 was published Dec 22, 2022

Snipe-IT allows attackers to check whether a user account exists
Moderate, CVE-2022-44381 was published for snipe/snipe-it (Composer) Dec 25, 2022

Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an...
Moderate, Unreviewed, CVE-2024-11084 was published Apr 15, 2025

Service Workers should not be able to infer information about opaque cross-origin responses; but...
Moderate, Unreviewed, CVE-2022-45403 was published Dec 22, 2022

The MediaError message property should be consistent to avoid leaking information about cross...
High, Unreviewed, CVE-2022-34477 was published Dec 22, 2022

An attacker could have exploited a timing attack by sending a large number of allowCredential...
Moderate, Unreviewed, CVE-2022-31742 was published Dec 22, 2022

While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was...
Moderate, Unreviewed, CVE-2022-26382 was published Dec 22, 2022

Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes
Moderate, CVE-2025-24011 was published for Umbraco.Cms (NuGet) Jan 21, 2025

Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is...
Moderate, Unreviewed, CVE-2016-9129 was published May 13, 2022