GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
77 advisories
Filter by severity
Observable timing discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1...
High
Unreviewed
CVE-2024-31074
was published
Nov 13, 2024
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to...
Moderate
Unreviewed
CVE-2024-41741
was published
Nov 1, 2024
Gradio performs a non-constant-time comparison when comparing hashes
Moderate
CVE-2024-47869
was published
for
gradio
(pip)
Oct 10, 2024
basic-auth-connect's callback uses time unsafe string comparison
High
CVE-2024-47178
was published
for
basic-auth-connect
(npm)
Sep 30, 2024
Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication
Low
CVE-2024-45052
was published
for
ethyca-fides
(pip)
Sep 4, 2024
The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against...
Moderate
Unreviewed
CVE-2024-1543
was published
Aug 30, 2024
An issue was discovered in Matrix libolm (aka Olm) through 3.2.16. The AES implementation is...
Critical
Unreviewed
CVE-2024-45191
was published
Aug 22, 2024
open-telemetry has an Observable Timing Discrepancy
Moderate
CVE-2024-42368
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension
(Go)
Aug 13, 2024
Windows Kerberos Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2024-29995
was published
Aug 13, 2024
In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time
Low
Unreviewed
CVE-2024-41828
was published
Jul 22, 2024
vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material
Moderate
CVE-2024-40640
was published
for
vodozemac
(Rust)
Jul 17, 2024
Django vulnerable to user enumeration attack
Moderate
CVE-2024-39329
was published
for
Django
(pip)
Jul 10, 2024
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,...
Moderate
Unreviewed
CVE-2020-35165
was published
May 22, 2024
vantage6 vulnerable to a username timing attack on recover password/MFA token
Moderate
CVE-2024-24770
was published
for
vantage6
(pip)
Mar 15, 2024
The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks....
Critical
Unreviewed
CVE-2023-41313
was published
Mar 12, 2024
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may...
Moderate
Unreviewed
CVE-2024-2236
was published
Mar 7, 2024
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
High
CVE-2023-50782
was published
for
cryptography
(pip)
Feb 5, 2024
A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib...
Moderate
Unreviewed
CVE-2024-0202
was published
Feb 5, 2024
m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657
Moderate
CVE-2023-50781
was published
for
m2crypto
(pip)
Feb 5, 2024
Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy...
Moderate
Unreviewed
CVE-2021-21575
was published
Feb 2, 2024
vantage6 vulnerable to username timing attack
Low
CVE-2024-21671
was published
for
vantage6-server
(pip)
Jan 30, 2024
Minerva timing attack on P-256 in python-ecdsa
High
CVE-2024-23342
was published
for
ecdsa
(pip)
Jan 22, 2024
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM...
Moderate
Unreviewed
CVE-2023-41097
was published
Dec 21, 2023
generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character
High
CVE-2015-20110
was published
for
generator-jhipster
(npm)
Oct 31, 2023
Jenkins Gogs Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46657
was published
for
org.jenkins-ci.plugins:gogs-webhook
(Maven)
Oct 25, 2023
ProTip!
Advisories are also available from the
GraphQL API