Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

494 advisories

Loading
IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user... Low Unreviewed
CVE-2024-31870 was published Jun 15, 2024
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions... Moderate Unreviewed
CVE-2024-36996 was published Jul 1, 2024
1Panel's password verification is suspected to have a timing attack vulnerability Low
CVE-2024-30257 was published for github.com/1Panel-dev/1Panel (Go) Apr 18, 2024
ZITADEL "ignoring unknown usernames" vulnerability Moderate
CVE-2024-41952 was published for github.com/zitadel/zitadel (Go) Jul 31, 2024
livio-a
Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the... Moderate Unreviewed
CVE-2024-38465 was published Jun 16, 2024
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack High
CVE-2023-50782 was published for cryptography (pip) Feb 5, 2024
By monitoring the time certain operations take, an attacker could have guessed which external... Moderate Unreviewed
CVE-2024-5690 was published Jun 11, 2024
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error... Moderate Unreviewed
CVE-2024-38322 was published Jun 29, 2024
User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This... Moderate Unreviewed
CVE-2024-25651 was published Mar 14, 2024
User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. Moderate Unreviewed
CVE-2023-22359 was published Jun 26, 2023
An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response... High Unreviewed
CVE-2022-45177 was published Feb 21, 2024
Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a... Moderate Unreviewed
CVE-2024-1544 was published Aug 27, 2024
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as... Moderate Unreviewed
CVE-2023-5992 was published Jan 31, 2024
The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against... Moderate Unreviewed
CVE-2024-1543 was published Aug 30, 2024
UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message... Moderate Unreviewed
CVE-2023-47102 was published Nov 13, 2023
Matrix Tafnit v8 - CWE-204: Observable Response Discrepancy Moderate Unreviewed
CVE-2024-38431 was published Jul 30, 2024
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") Moderate
CVE-2024-30171 was published for BouncyCastle (Maven) May 14, 2024
levpachmanov
Loway - CWE-204: Observable Response Discrepancy Moderate Unreviewed
CVE-2024-42343 was published Sep 8, 2024
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware... Moderate Unreviewed
CVE-2024-45678 was published Sep 3, 2024
Observable discrepancy in RAPL interface for some Intel(R) Processors may allow a privileged user... Moderate Unreviewed
CVE-2024-23984 was published Sep 16, 2024
User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine... Moderate Unreviewed
CVE-2024-34336 was published Sep 12, 2024
Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401,... High Unreviewed
CVE-2024-39921 was published Sep 4, 2024
Observable Response Discrepancy in Flask-AppBuilder Moderate
CVE-2022-21659 was published for Flask-AppBuilder (pip) Feb 1, 2022
SamWheating
Observable Response Discrepancy in Flask-AppBuilder Moderate
CVE-2021-29621 was published for Flask-AppBuilder (pip) May 27, 2021
A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that... Moderate Unreviewed
CVE-2024-8651 was published Sep 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database