Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

613 advisories

Loading
Jenkins GitHub plugin uses weak webhook signature function Low
CVE-2022-36885 was published for com.coravy.hudson.plugins.github:github (Maven) Jul 28, 2022
westonsteimel NotMyFault
fastify-bearer-auth vulnerable to Timing Attack Vector High
CVE-2022-31142 was published for @fastify/bearer-auth (npm) Jul 15, 2022
Uzlopak
The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by... Moderate Unreviewed
CVE-2022-32425 was published Jul 15, 2022
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified... Moderate Unreviewed
CVE-2022-20752 was published Jul 7, 2022
A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid... Moderate Unreviewed
CVE-2021-41634 was published Jun 25, 2022
Observable timing discrepancy allows determining username validity in Jenkins Moderate
CVE-2022-34174 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault
A potential vulnerability in some AMD processors using frequency scaling may allow an... Moderate Unreviewed
CVE-2022-23823 was published Jun 16, 2022
Observable behavioral in power management throttling for some Intel(R) Processors may allow an... Moderate Unreviewed
CVE-2022-24436 was published Jun 16, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An... Moderate Unreviewed
CVE-2022-27221 was published Jun 15, 2022
An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could... Moderate Unreviewed
CVE-2022-0823 was published Jun 10, 2022
As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore)... Moderate Unreviewed
CVE-2022-32273 was published Jun 9, 2022
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source... Low Unreviewed
CVE-2022-32296 was published Jun 6, 2022
An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. If a password... Moderate Unreviewed
CVE-2021-20113 was published May 24, 2022
Observable Timing Discrepancy in totp-rs Moderate
CVE-2022-29185 was published for totp-rs (Rust) May 24, 2022
tdunlap607
Information disclosure through timing and power side-channels during mod exponentiation for RSA... Critical Unreviewed
CVE-2021-1924 was published May 24, 2022
Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is... Moderate Unreviewed
CVE-2021-43398 was published May 24, 2022
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users... High Unreviewed
CVE-2021-34580 was published May 24, 2022
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process... Moderate Unreviewed
CVE-2021-38476 was published May 24, 2022
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2... High Unreviewed
CVE-2021-38562 was published May 24, 2022
A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD... Moderate Unreviewed
CVE-2021-26318 was published May 24, 2022
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to... Moderate Unreviewed
CVE-2021-20376 was published May 24, 2022
In Kaden PICOFLUX Air in all known versions an information exposure through observable... Moderate Unreviewed
CVE-2021-34576 was published May 24, 2022
NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized... Moderate Unreviewed
CVE-2021-1109 was published May 24, 2022
An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0... Low Unreviewed
CVE-2020-25082 was published May 24, 2022
net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of... Low Unreviewed
CVE-2021-38209 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database