Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

90 advisories

Loading
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS.... High Unreviewed
CVE-2023-0361 was published Feb 15, 2023
Observable timing discrepancy in JOpenId High
CVE-2010-10006 was published for org.expressme:JOpenId (Maven) Jan 18, 2023
Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator High
CVE-2022-3143 was published for org.wildfly.security:wildfly-elytron (Maven) Jan 13, 2023
TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for... High Unreviewed
CVE-2022-4499 was published Jan 11, 2023
** DISPUTED ** The AES instructions on the ARMv8 platform do not have an algorithm that is ... High Unreviewed
CVE-2022-48251 was published Jan 10, 2023
A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected... High Unreviewed
CVE-2013-10006 was published Jan 1, 2023
cocagne pysrp vulnerable to side channel leaks High
CVE-2021-4286 was published for srp (pip) Dec 27, 2022
The MediaError message property should be consistent to avoid leaking information about cross... High Unreviewed
CVE-2022-34477 was published Dec 22, 2022
The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation... High Unreviewed
CVE-2022-3907 was published Dec 5, 2022
Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to... High Unreviewed
CVE-2022-37459 was published Aug 18, 2022
A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance ... High Unreviewed
CVE-2022-20866 was published Aug 11, 2022
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU... High Unreviewed
CVE-2021-46778 was published Aug 11, 2022
Atlantis Events vulnerable to Timing Attack High
CVE-2022-24912 was published for github.com/runatlantis/atlantis (Go) Jul 30, 2022
fastify-bearer-auth vulnerable to Timing Attack Vector High
CVE-2022-31142 was published for @fastify/bearer-auth (npm) Jul 15, 2022
Uzlopak
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users... High Unreviewed
CVE-2021-34580 was published May 24, 2022
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2... High Unreviewed
CVE-2021-38562 was published May 24, 2022
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can... High Unreviewed
CVE-2021-34575 was published May 24, 2022
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks... High Unreviewed
CVE-2021-33560 was published May 24, 2022
An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 &... High Unreviewed
CVE-2021-22892 was published May 24, 2022
Magento Signature verification bypass High
CVE-2020-9588 was published for magento/community-edition (Composer) May 24, 2022
Pterodactyl vulnerable to 2FA Sniffing High
CVE-2019-1020002 was published for pterodactyl/panel (Composer) May 24, 2022
ygmpxwn
If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous... High Unreviewed
CVE-2019-9815 was published May 24, 2022
Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack) High
CVE-2014-9720 was published for tornado (pip) May 17, 2022
phpMyAdmin Unsafe comparison of XSRF/CSRF token High
CVE-2016-2041 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow... High Unreviewed
CVE-2019-6602 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database