GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
498 advisories
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it...
Critical | Unreviewed | CVE-2024-25191 was published Feb 8, 2024

The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM,...
Moderate | Unreviewed | CVE-2022-25332 was published Oct 19, 2023

Prevent user enumeration using Guard or the new Authenticator-based Security
Moderate | CVE-2021-21424 was published for lexik/jwt-authentication-bundle (Composer) May 13, 2021

libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it...
Critical | Unreviewed | CVE-2024-25189 was published Feb 8, 2024

Marvin Attack of RSA and RSAOAEP decryption in jsrsasign
High | CVE-2024-21484 was published for jsrsasign (npm) Jan 19, 2024

OpenShift OSIN vulnerable to Observable Timing Discrepancy
Moderate | CVE-2021-4294 was published for github.com/openshift/osin (Go) Dec 28, 2022

A timing side-channel issue was addressed with improvements to constant-time computation in...
Moderate | Unreviewed | CVE-2024-23218 was published Jan 23, 2024

Observable Differences in Behavior to Error Inputs in Bouncy Castle
Moderate | CVE-2020-26939 was published for org.bouncycastle:bc-fips (Maven) Apr 22, 2021

** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can discover whether a...
Moderate | Unreviewed | CVE-2021-27583 was published May 24, 2022

** DISPUTED ** On Coldcard MK1 and MK2 devices, a side channel for the row-based OLED display was...
Moderate | Unreviewed | CVE-2019-14356 was published May 24, 2022

** DISPUTED ** On BC Vault devices, a side channel for the row-based SSD1309 OLED display was...
Low | Unreviewed | CVE-2019-14359 was published May 24, 2022

** DISPUTED ** On Mooltipass Mini devices, a side channel for the row-based OLED display was...
Low | Unreviewed | CVE-2019-14357 was published May 24, 2022

** DISPUTED ** On ShapeShift KeepKey devices, a side channel for the row-based OLED display was...
Low | Unreviewed | CVE-2019-14355 was published May 24, 2022

Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth...
Moderate | Unreviewed | CVE-2020-25200 was published May 24, 2022

Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability
Moderate | Unreviewed | CVE-2014-4156 was published May 17, 2022

HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts...
Moderate | Unreviewed | CVE-2019-12743 was published May 24, 2022

The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are...
Moderate | Unreviewed | CVE-2019-13377 was published May 24, 2022

In situations where an attacker receives automated notification of the success or failure of a...
Moderate | Unreviewed | CVE-2019-1563 was published May 24, 2022

Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that...
Moderate | Unreviewed | CVE-2019-13140 was published May 24, 2022

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through...
Moderate | Unreviewed | CVE-2019-3740 was published May 24, 2022

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing...
Moderate | Unreviewed | CVE-2019-3739 was published May 24, 2022

It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library....
Moderate | Unreviewed | CVE-2019-13627 was published May 24, 2022

Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the...
Moderate | Unreviewed | CVE-2019-15809 was published May 24, 2022

On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power...
Moderate | Unreviewed | CVE-2019-14358 was published May 24, 2022

The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to...
Moderate | Unreviewed | CVE-2015-0837 was published May 24, 2022