Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

613 advisories

Loading
Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which... Moderate Unreviewed
CVE-2022-35888 was published Sep 30, 2022
An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the... Moderate Unreviewed
CVE-2022-32218 was published Sep 25, 2022
TYPO3 CMS vulnerable to User Enumeration via Response Timing Moderate
CVE-2022-36105 was published for typo3/cms (Composer) Sep 16, 2022
Vautia
All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to... Moderate Unreviewed
CVE-2022-1989 was published Aug 24, 2022
Mealie1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users... Moderate Unreviewed
CVE-2022-34623 was published Aug 20, 2022
Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to... High Unreviewed
CVE-2022-37459 was published Aug 18, 2022
In Framework, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2022-20324 was published Aug 13, 2022
In LauncherApps, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2022-20293 was published Aug 13, 2022
In Content, there is a possible way to determinate the user's account due to side channel... Moderate Unreviewed
CVE-2022-20304 was published Aug 13, 2022
In AlarmManagerService, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2022-20307 was published Aug 13, 2022
In ContentResolver, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2022-20316 was published Aug 13, 2022
In PackageInstaller, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2022-20309 was published Aug 13, 2022
In AppOpsService, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2022-20291 was published Aug 13, 2022
In PackageInstaller, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2022-20318 was published Aug 13, 2022
In ActivityManager, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2022-20320 was published Aug 13, 2022
Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79... Moderate Unreviewed
CVE-2022-2612 was published Aug 13, 2022
In LocaleManager, there is a possible way to determine whether an app is installed, without query... Low Unreviewed
CVE-2022-20249 was published Aug 12, 2022
In LocaleManager, there is a possible way to determine whether an app is installed, without query... Low Unreviewed
CVE-2022-20251 was published Aug 12, 2022
In PackageManager, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2022-20252 was published Aug 12, 2022
In Telephony, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2022-20242 was published Aug 12, 2022
In USB Manager, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2021-0975 was published Aug 12, 2022
A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance ... High Unreviewed
CVE-2022-20866 was published Aug 11, 2022
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU... High Unreviewed
CVE-2021-46778 was published Aug 11, 2022
Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique... Moderate Unreviewed
CVE-2022-34704 was published Aug 10, 2022
Atlantis Events vulnerable to Timing Attack High
CVE-2022-24912 was published for github.com/runatlantis/atlantis (Go) Jul 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database