GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
498 advisories
Filter by severity
A timing-based side-channel exists in the rust-openssl package, which could be sufficient to...
Moderate
Unreviewed
CVE-2024-3296
was published
Apr 4, 2024
User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. This issue occurs during...
High
Unreviewed
CVE-2023-36127
was published
Oct 11, 2023
Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy
Moderate
Unreviewed
CVE-2023-31186
was published
May 30, 2023
phpMyAdmin Unsafe comparison of XSRF/CSRF token
High
CVE-2016-2041
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
Pagekit User enumeration
Moderate
CVE-2019-16669
was published
for
pagekit/pagekit
(Composer)
May 24, 2022
A timing side-channel vulnerability has been discovered in the opencryptoki package while...
Moderate
Unreviewed
CVE-2024-0914
was published
Jan 31, 2024
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be...
Moderate
Unreviewed
CVE-2024-2467
was published
Apr 25, 2024
PHPECC vulnerable to multiple cryptographic side-channel attacks
Critical
GHSA-346h-749j-r28w
was published
for
mdanter/ecc
(Composer)
Apr 25, 2024
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the...
Moderate
Unreviewed
CVE-2020-14002
was published
May 24, 2022
Mealie1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users...
Moderate
Unreviewed
CVE-2022-34623
was published
Aug 20, 2022
s2n-tls has a potentially observable differences in RSA premaster secret handling
Low
GHSA-52xf-5p2m-9wrv
was published
for
s2n-tls
(Rust)
Jun 6, 2024
IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by...
Moderate
Unreviewed
CVE-2024-31878
was published
Jun 7, 2024
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the...
Moderate
Unreviewed
CVE-2023-20569
was published
Aug 8, 2023
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with...
High
Unreviewed
CVE-2024-37880
was published
Jun 10, 2024
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature...
Moderate
Unreviewed
CVE-2022-30332
was published
Jan 10, 2023
curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Moderate
GHSA-x4gp-pqpj-f43q
was published
for
curve25519-dalek
(Rust)
Jun 18, 2024
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the...
Moderate
Unreviewed
CVE-2023-6240
was published
Feb 4, 2024
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an...
Moderate
Unreviewed
CVE-2024-39891
was published
Jul 2, 2024
Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when...
High
Unreviewed
CVE-2024-39830
was published
Jul 3, 2024
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK...
Moderate
Unreviewed
CVE-2024-0553
was published
Jan 16, 2024
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK...
High
Unreviewed
CVE-2023-5981
was published
Nov 28, 2023
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An...
Moderate
Unreviewed
CVE-2022-27221
was published
Jun 15, 2022
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
High
CVE-2023-51437
was published
for
org.apache.pulsar:pulsar-broker-auth-sasl
(Maven)
Feb 7, 2024
** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote...
Moderate
Unreviewed
CVE-2020-13998
was published
May 24, 2022
In veilid-core in Veilid before 0.3.4, the protocol's ping function can be misused in a way that...
Moderate
Unreviewed
CVE-2024-41880
was published
Jul 22, 2024
ProTip!
Advisories are also available from the
GraphQL API