GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
wolfCrypt leaks cryptographic information via timing side channel
Moderate
CVE-2019-13628
was published
for
wolfcrypt
(pip)
May 24, 2022
Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration
Moderate
CVE-2023-41885
was published
for
piccolo
(pip)
Sep 12, 2023
Minerva timing attack on P-256 in python-ecdsa
High
CVE-2024-23342
was published
for
ecdsa
(pip)
Jan 22, 2024
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
High
CVE-2023-50782
was published
for
cryptography
(pip)
Feb 5, 2024
Observable Response Discrepancy in Flask-AppBuilder
Moderate
CVE-2022-21659
was published
for
Flask-AppBuilder
(pip)
Feb 1, 2022
Observable Response Discrepancy in Flask-AppBuilder
Moderate
CVE-2021-29621
was published
for
Flask-AppBuilder
(pip)
May 27, 2021
Gradio performs a non-constant-time comparison when comparing hashes
Moderate
CVE-2024-47869
was published
for
gradio
(pip)
Oct 10, 2024
PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption
High
CVE-2023-52323
was published
for
pycryptodome
(pip)
Jan 5, 2024
cocagne pysrp vulnerable to side channel leaks
High
CVE-2021-4286
was published
for
srp
(pip)
Dec 27, 2022
Django allows enumeration of user e-mail addresses
Moderate
CVE-2024-45231
was published
for
Django
(pip)
Oct 8, 2024
Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack)
High
CVE-2014-9720
was published
for
tornado
(pip)
May 17, 2022
vantage6 vulnerable to Observable Response Discrepancy
Moderate
CVE-2022-39228
was published
for
vantage6
(pip)
Feb 28, 2023
Observable Timing Discrepancy in aaugustin websockets library
High
CVE-2021-33880
was published
for
websockets
(pip)
Jun 11, 2021
ProTip!
Advisories are also available from the
GraphQL API