GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

13 advisories

wolfCrypt leaks cryptographic information via timing side channel Moderate
CVE-2019-13628 was published for wolfcrypt (pip) May 24, 2022
Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration Moderate
CVE-2023-41885 was published for piccolo (pip) Sep 12, 2023
Skelmis
Minerva timing attack on P-256 in python-ecdsa High
CVE-2024-23342 was published for ecdsa (pip) Jan 22, 2024
tomato42
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack High
CVE-2023-50782 was published for cryptography (pip) Feb 5, 2024
Observable Response Discrepancy in Flask-AppBuilder Moderate
CVE-2022-21659 was published for Flask-AppBuilder (pip) Feb 1, 2022
SamWheating
Observable Response Discrepancy in Flask-AppBuilder Moderate
CVE-2021-29621 was published for Flask-AppBuilder (pip) May 27, 2021
Gradio performs a non-constant-time comparison when comparing hashes Moderate
CVE-2024-47869 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption High
CVE-2023-52323 was published for pycryptodome (pip) Jan 5, 2024
cocagne pysrp vulnerable to side channel leaks High
CVE-2021-4286 was published for srp (pip) Dec 27, 2022
Django allows enumeration of user e-mail addresses Moderate
CVE-2024-45231 was published for Django (pip) Oct 8, 2024
Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack) High
CVE-2014-9720 was published for tornado (pip) May 17, 2022
vantage6 vulnerable to Observable Response Discrepancy Moderate
CVE-2022-39228 was published for vantage6 (pip) Feb 28, 2023
Observable Timing Discrepancy in aaugustin websockets library High
CVE-2021-33880 was published for websockets (pip) Jun 11, 2021