GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
30 advisories
Filter by severity
Potential Observable Timing Discrepancy in Wagtail
Moderate
CVE-2020-11037
was published
for
wagtail
(pip)
May 7, 2020
vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material
Moderate
CVE-2024-40640
was published
for
vodozemac
(Rust)
Jul 17, 2024
Timing attack on django-basic-auth-ip-whitelist
Moderate
CVE-2020-4071
was published
for
django-basic-auth-ip-whitelist
(pip)
Jun 23, 2020
Gradio performs a non-constant-time comparison when comparing hashes
Moderate
CVE-2024-47869
was published
for
gradio
(pip)
Oct 10, 2024
open-telemetry has an Observable Timing Discrepancy
Moderate
CVE-2024-42368
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension
(Go)
Aug 13, 2024
Django vulnerable to user enumeration attack
Moderate
CVE-2024-39329
was published
for
Django
(pip)
Jul 10, 2024
vantage6 vulnerable to a username timing attack on recover password/MFA token
Moderate
CVE-2024-24770
was published
for
vantage6
(pip)
Mar 15, 2024
OpenShift OSIN vulnerable to Observable Timing Discrepancy
Moderate
CVE-2021-4294
was published
for
github.com/openshift/osin
(Go)
Dec 28, 2022
m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657
Moderate
CVE-2023-50781
was published
for
m2crypto
(pip)
Feb 5, 2024
Observable timing discrepancy allows determining username validity in Jenkins
Moderate
CVE-2022-34174
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
Non-constant time HMAC comparison
Moderate
CVE-2020-2102
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Non-constant time comparison of inbound TCP agent connection secret
Moderate
CVE-2020-2101
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Harbor timing attack risk
Moderate
CVE-2023-20902
was published
for
github.com/goharbor/harbor
(Go)
Oct 10, 2023
Barzahlen Payment Module PHP SDK vulnerable to Observable Timing Discrepancy
Moderate
CVE-2016-15015
was published
for
barzahlen/barzahlen-php
(Composer)
Jan 8, 2023
easy-scrypt Observable Timing Discrepancy vulnerability
Moderate
CVE-2014-125055
was published
for
github.com/agnivade/easy-scrypt
(Go)
Jan 7, 2023
Activerecord-session_store Vulnerable to Timing Attack
Moderate
CVE-2019-25025
was published
for
activerecord-session_store
(RubyGems)
Mar 9, 2021
HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks
Moderate
CVE-2023-25000
was published
for
github.com/hashicorp/vault
(Go)
Mar 30, 2023
Observable Timing Discrepancy in totp-rs
Moderate
CVE-2022-29185
was published
for
totp-rs
(Rust)
May 24, 2022
Possible timing attack in derivation_endpoint
Moderate
CVE-2020-15237
was published
for
shrine
(RubyGems)
Oct 5, 2020
Possible Information Leak / Session Hijack Vulnerability in Rack
Moderate
CVE-2019-16782
was published
for
rack
(RubyGems)
Dec 18, 2019
Answer has Observable Timing Discrepancy
Moderate
CVE-2023-1538
was published
for
github.com/answerdev/answer
(Go)
Mar 21, 2023
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime
Moderate
CVE-2021-29446
was published
for
jose-node-cjs-runtime
(npm)
Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime
Moderate
CVE-2021-29445
was published
for
jose-node-esm-runtime
(npm)
Apr 19, 2021
OpenSearch has time discrepancy in authentication responses
Moderate
CVE-2023-25806
was published
for
org.opensearch.plugin:opensearch-security
(Maven)
Mar 7, 2023
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18
Moderate
CVE-2021-31404
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
ProTip!
Advisories are also available from the
GraphQL API