Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

90 advisories

Loading
String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow... High Unreviewed
CVE-2024-13939 was published Mar 28, 2025
An unauthenticated remote attacker can gain access to sensitive information including... High Unreviewed
CVE-2025-1468 was published Mar 18, 2025
Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860... High Unreviewed
CVE-2024-41335 was published Feb 27, 2025
In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to... High Unreviewed
CVE-2024-49734 was published Jan 22, 2025
In multiple locations, there is a possible way to obtain any system permission due to a logic... High Unreviewed
CVE-2024-43095 was published Jan 22, 2025
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web... High Unreviewed
CVE-2025-21510 was published Jan 21, 2025
An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows... High Unreviewed
CVE-2024-54767 was published Jan 7, 2025
In the LG LAF component, there is a special command that allowed modification of certain... High Unreviewed
CVE-2018-9364 was published Nov 19, 2024
Observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may... High Unreviewed
CVE-2024-28885 was published Nov 13, 2024
An issue in Sourcebans++ before v.1.8.0 allows a remote attacker to obtain sensitive information... High Unreviewed
CVE-2024-40490 was published Nov 1, 2024
mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack... High Unreviewed
CVE-2024-7010 was published Oct 29, 2024
Video frames could have been leaked between origins in some situations. This vulnerability... High Unreviewed
CVE-2024-10463 was published Oct 29, 2024
Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401,... High Unreviewed
CVE-2024-39921 was published Sep 4, 2024
Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when... High Unreviewed
CVE-2024-39830 was published Jul 3, 2024
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with... High Unreviewed
CVE-2024-37880 was published Jun 10, 2024
A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically... High Unreviewed
CVE-2024-5124 was published Jun 6, 2024
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Invalidate FPU... High Unreviewed
CVE-2021-47226 was published May 21, 2024
Windows MSHTML Platform Security Feature Bypass Vulnerability High Unreviewed
CVE-2024-30040 was published May 14, 2024
Windows DNS Server Remote Code Execution Vulnerability High Unreviewed
CVE-2024-26221 was published Apr 9, 2024
A potential security vulnerability has been reported in the system BIOS of certain HP PC products... High Unreviewed
CVE-2023-5410 was published Mar 12, 2024
Theoretically, it would be possible for an attacker to brute-force the password for an instance... High Unreviewed
CVE-2024-0436 was published Feb 26, 2024
An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response... High Unreviewed
CVE-2022-45177 was published Feb 21, 2024
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability High
CVE-2023-51437 was published for org.apache.pulsar:pulsar-broker-auth-sasl (Maven) Feb 7, 2024
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack High
CVE-2023-50782 was published for cryptography (pip) Feb 5, 2024
A security vulnerability has been identified in the pkcs11-provider, which is associated with... High Unreviewed
CVE-2023-6258 was published Jan 30, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database