GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
498 advisories
Filter by severity
Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack)
High
CVE-2014-9720
was published
for
tornado
(pip)
May 17, 2022
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider...
Moderate
Unreviewed
CVE-2013-1620
was published
May 14, 2022
phpMyAdmin Unsafe comparison of XSRF/CSRF token
High
CVE-2016-2041
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1...
Moderate
Unreviewed
CVE-2018-9192
was published
May 13, 2022
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1...
Moderate
Unreviewed
CVE-2018-9194
was published
May 13, 2022
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login...
Moderate
Unreviewed
CVE-2017-8055
was published
May 13, 2022
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before...
Moderate
Unreviewed
CVE-2017-7006
was published
May 13, 2022
Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an...
Moderate
Unreviewed
CVE-2017-17427
was published
May 13, 2022
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA...
Moderate
Unreviewed
CVE-2017-1000385
was published
May 13, 2022
A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505,...
Moderate
Unreviewed
CVE-2017-12373
was published
May 13, 2022
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite...
Moderate
Unreviewed
CVE-2017-13099
was published
May 13, 2022
In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow...
High
Unreviewed
CVE-2019-6602
was published
May 13, 2022
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.
High
Unreviewed
CVE-2019-10233
was published
May 13, 2022
Systems with microprocessors utilizing speculative execution and that perform speculative reads...
Moderate
Unreviewed
CVE-2018-3640
was published
May 13, 2022
Systems with microprocessors utilizing speculative execution and address translations may allow...
Moderate
Unreviewed
CVE-2018-3620
was published
May 13, 2022
Systems with microprocessors utilizing speculative execution and Intel software guard extensions ...
Moderate
Unreviewed
CVE-2018-3615
was published
May 13, 2022
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows...
Moderate
Unreviewed
CVE-2018-10949
was published
May 13, 2022
Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to...
Critical
Unreviewed
CVE-2018-1000884
was published
May 13, 2022
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA...
Moderate
Unreviewed
CVE-2018-0495
was published
May 13, 2022
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an...
Moderate
Unreviewed
CVE-2018-0134
was published
May 13, 2022
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software...
Moderate
Unreviewed
CVE-2018-5407
was published
May 13, 2022
Observable Discrepancy in BouncyCastle
Moderate
CVE-2017-13098
was published
for
org.bouncycastle:bcprov-jdk15on
(Maven)
May 13, 2022
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys...
High
Unreviewed
CVE-2016-6489
was published
May 13, 2022
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls...
Moderate
Unreviewed
CVE-2018-16868
was published
May 13, 2022
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle...
Moderate
Unreviewed
CVE-2018-16869
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API