Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,987
Maven
5,000+
npm
3,704
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
844
Swift
36
Unreviewed advisories
All unreviewed
5,000+

491 advisories

Loading
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software... Moderate Unreviewed
CVE-2023-44216 was published Sep 27, 2023
A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All... Moderate Unreviewed
CVE-2023-43623 was published Oct 10, 2023
A timing-based side-channel exists in the rust-openssl package, which could be sufficient to... Moderate Unreviewed
CVE-2024-3296 was published Apr 4, 2024
User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. This issue occurs during... High Unreviewed
CVE-2023-36127 was published Oct 11, 2023
Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy Moderate Unreviewed
CVE-2023-31186 was published May 30, 2023
phpMyAdmin Unsafe comparison of XSRF/CSRF token High
CVE-2016-2041 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Pagekit User enumeration Moderate
CVE-2019-16669 was published for pagekit/pagekit (Composer) May 24, 2022
A timing side-channel vulnerability has been discovered in the opencryptoki package while... Moderate Unreviewed
CVE-2024-0914 was published Jan 31, 2024
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be... Moderate Unreviewed
CVE-2024-2467 was published Apr 25, 2024
PHPECC vulnerable to multiple cryptographic side-channel attacks Critical
GHSA-346h-749j-r28w was published for mdanter/ecc (Composer) Apr 25, 2024
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the... Moderate Unreviewed
CVE-2020-14002 was published May 24, 2022
Mealie1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users... Moderate Unreviewed
CVE-2022-34623 was published Aug 20, 2022
s2n-tls has a potentially observable differences in RSA premaster secret handling Low
GHSA-52xf-5p2m-9wrv was published for s2n-tls (Rust) Jun 6, 2024
IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by... Moderate Unreviewed
CVE-2024-31878 was published Jun 7, 2024
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the... Moderate Unreviewed
CVE-2023-20569 was published Aug 8, 2023
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with... High Unreviewed
CVE-2024-37880 was published Jun 10, 2024
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature... Moderate Unreviewed
CVE-2022-30332 was published Jan 10, 2023
curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub` Moderate
GHSA-x4gp-pqpj-f43q was published for curve25519-dalek (Rust) Jun 18, 2024
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the... Moderate Unreviewed
CVE-2023-6240 was published Feb 4, 2024
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an... Moderate Unreviewed
CVE-2024-39891 was published Jul 2, 2024
Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when... High Unreviewed
CVE-2024-39830 was published Jul 3, 2024
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK... High Unreviewed
CVE-2023-5981 was published Nov 28, 2023
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK... Moderate Unreviewed
CVE-2024-0553 was published Jan 16, 2024
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An... Moderate Unreviewed
CVE-2022-27221 was published Jun 15, 2022
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability High
CVE-2023-51437 was published for org.apache.pulsar:pulsar-broker-auth-sasl (Maven) Feb 7, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database