GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
498 advisories
Filter by severity
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1...
Moderate
Unreviewed
CVE-2017-15533
was published
May 13, 2022
Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat ...
Moderate
Unreviewed
CVE-2017-18268
was published
May 13, 2022
On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2),...
High
Unreviewed
CVE-2017-6168
was published
May 13, 2022
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel...
Moderate
Unreviewed
CVE-2019-9495
was published
May 13, 2022
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks...
Moderate
Unreviewed
CVE-2019-9494
was published
May 13, 2022
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly...
Moderate
Unreviewed
CVE-2016-2178
was published
May 13, 2022
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to...
Moderate
Unreviewed
CVE-2019-1559
was published
May 13, 2022
A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and...
Moderate
Unreviewed
CVE-2017-5107
was published
May 13, 2022
Observable Discrepancy in Apache Tomcat
Moderate
CVE-2016-0762
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to...
Moderate
Unreviewed
CVE-2021-33149
was published
May 13, 2022
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The...
Moderate
Unreviewed
CVE-2021-33845
was published
May 7, 2022
Legion of the Bouncy Castle Java Cryptography API Bleichenbacher Oracle Vulnerability
High
CVE-2007-6721
was published
for
bouncycastle:bcprov-jdk14
(Maven)
May 1, 2022
The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet...
Moderate
Unreviewed
CVE-2005-0918
was published
May 1, 2022
The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which...
Moderate
Unreviewed
CVE-2004-2252
was published
Apr 29, 2022
Nettica Corporation INTELLIPEER Email Server 1.01 displays different error messages for valid and...
Moderate
Unreviewed
CVE-2004-2150
was published
Apr 29, 2022
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given...
Moderate
Unreviewed
CVE-2004-1602
was published
Apr 29, 2022
ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of...
Moderate
Unreviewed
CVE-2004-1428
was published
Apr 29, 2022
Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a...
Moderate
Unreviewed
CVE-2003-0637
was published
Apr 29, 2022
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an...
Moderate
Unreviewed
CVE-2003-0190
was published
Apr 29, 2022
Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local...
Moderate
Unreviewed
CVE-2022-1318
was published
Apr 21, 2022
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due...
Moderate
Unreviewed
CVE-2022-22356
was published
Apr 6, 2022
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without...
Moderate
Unreviewed
CVE-2021-39745
was published
Mar 31, 2022
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without...
Moderate
Unreviewed
CVE-2021-39744
was published
Mar 31, 2022
In DevicePolicyManager, there is a possible way to reveal the existence of an installed package...
Moderate
Unreviewed
CVE-2021-39755
was published
Mar 31, 2022
In ContextImpl, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2021-39754
was published
Mar 31, 2022
ProTip!
Advisories are also available from the
GraphQL API