Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

506 advisories

Loading
As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore)... Moderate Unreviewed
CVE-2022-32273 was published Jun 9, 2022
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source... Low Unreviewed
CVE-2022-32296 was published Jun 6, 2022
An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. If a password... Moderate Unreviewed
CVE-2021-20113 was published May 24, 2022
Information disclosure through timing and power side-channels during mod exponentiation for RSA... Critical Unreviewed
CVE-2021-1924 was published May 24, 2022
Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is... Moderate Unreviewed
CVE-2021-43398 was published May 24, 2022
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users... High Unreviewed
CVE-2021-34580 was published May 24, 2022
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process... Moderate Unreviewed
CVE-2021-38476 was published May 24, 2022
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2... High Unreviewed
CVE-2021-38562 was published May 24, 2022
A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD... Moderate Unreviewed
CVE-2021-26318 was published May 24, 2022
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to... Moderate Unreviewed
CVE-2021-20376 was published May 24, 2022
In Kaden PICOFLUX Air in all known versions an information exposure through observable... Moderate Unreviewed
CVE-2021-34576 was published May 24, 2022
NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized... Moderate Unreviewed
CVE-2021-1109 was published May 24, 2022
An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0... Low Unreviewed
CVE-2020-25082 was published May 24, 2022
net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of... Low Unreviewed
CVE-2021-38209 was published May 24, 2022
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information... Moderate Unreviewed
CVE-2021-34556 was published May 24, 2022
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information... Moderate Unreviewed
CVE-2021-35477 was published May 24, 2022
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can... High Unreviewed
CVE-2021-34575 was published May 24, 2022
An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular... Moderate Unreviewed
CVE-2020-36421 was published May 24, 2022
An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for... Moderate Unreviewed
CVE-2020-36424 was published May 24, 2022
An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC... Moderate Unreviewed
CVE-2020-36422 was published May 24, 2022
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system... Moderate Unreviewed
CVE-2021-24116 was published May 24, 2022
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding... Moderate Unreviewed
CVE-2021-24119 was published May 24, 2022
In Rust SGX 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level ... Moderate Unreviewed
CVE-2021-24117 was published May 24, 2022
Observable behavioral discrepancy vulnerability in QSAN Storage Manager allows remote attackers... Moderate Unreviewed
CVE-2021-32528 was published May 24, 2022
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g.,... Moderate Unreviewed
CVE-2021-33624 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database