Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

613 advisories

Loading
In Settings, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2023-21335 was published Oct 30, 2023
In Input Method, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2023-21336 was published Oct 30, 2023
In InputMethod, there is a possible way to determine whether an app is installed, without query... High Unreviewed
CVE-2023-21337 was published Oct 30, 2023
In Media Projection, there is a possible way to determine whether an app is installed, without... Moderate Unreviewed
CVE-2023-21350 was published Oct 30, 2023
In Package Manager Service, there is a possible way to determine whether an app is installed,... Moderate Unreviewed
CVE-2023-21354 was published Oct 30, 2023
In Package Manager, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2023-21349 was published Oct 30, 2023
In Game Manager Service, there is a possible way to determine whether an app is installed,... Low Unreviewed
CVE-2023-21345 was published Oct 30, 2023
In the Device Idle Controller, there is a possible way to determine whether an app is installed,... Low Unreviewed
CVE-2023-21346 was published Oct 30, 2023
In Window Manager, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2023-21348 was published Oct 30, 2023
UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message... Moderate Unreviewed
CVE-2023-47102 was published Nov 13, 2023
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK... High Unreviewed
CVE-2023-5981 was published Nov 28, 2023
Marvin Attack: potential key recovery through timing sidechannels Moderate
CVE-2023-49092 was published for rsa (Rust) Nov 28, 2023
tomato42 lukas-braune
In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation... Moderate Unreviewed
CVE-2023-40090 was published Dec 5, 2023
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant... High Unreviewed
CVE-2023-45287 was published Dec 5, 2023
The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting... Moderate Unreviewed
CVE-2023-4421 was published Dec 12, 2023
yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation Low
CVE-2023-50708 was published for yiisoft/yii2-authclient (Composer) Dec 18, 2023
rhertogh
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an... Moderate Unreviewed
CVE-2023-23584 was published Dec 19, 2023
Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This... Moderate Unreviewed
CVE-2023-6135 was published Dec 19, 2023
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM... Moderate Unreviewed
CVE-2023-41097 was published Dec 21, 2023
Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1... Moderate Unreviewed
CVE-2023-50979 was published Dec 27, 2023
CubeFS timing attack can leak user passwords High
CVE-2023-46739 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz
PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption High
CVE-2023-52323 was published for pycryptodome (pip) Jan 5, 2024
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK... Moderate Unreviewed
CVE-2024-0553 was published Jan 16, 2024
Marvin Attack of RSA and RSAOAEP decryption in jsrsasign High
CVE-2024-21484 was published for jsrsasign (npm) Jan 19, 2024
tomato42
darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which... Critical Unreviewed
CVE-2024-23771 was published Jan 22, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database