Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,128
NuGet
735
pip
3,944
Pub
12
RubyGems
945
Rust
1,024
Swift
39
Unreviewed advisories
All unreviewed
5,000+

613 advisories

Loading
Magento observable timing discrepancy vulnerability Moderate
CVE-2020-9690 was published for magento/community-edition (Composer) May 24, 2022
Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed... Moderate Unreviewed
CVE-2020-6531 was published May 24, 2022
During RSA key generation, bignum implementations used a variation of the Binary Extended... Moderate Unreviewed
CVE-2020-12402 was published May 24, 2022
NSS has shown timing differences when performing DSA signatures, which was exploitable and could... Moderate Unreviewed
CVE-2020-12399 was published May 24, 2022
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the... Moderate Unreviewed
CVE-2020-14002 was published May 24, 2022
The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an... Moderate Unreviewed
CVE-2020-14145 was published May 24, 2022
Magento Signature verification bypass High
CVE-2020-9588 was published for magento/community-edition (Composer) May 24, 2022
The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular... Moderate Unreviewed
CVE-2020-11735 was published May 24, 2022
** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote... Moderate Unreviewed
CVE-2020-13998 was published May 24, 2022
Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in... Low Unreviewed
CVE-2020-13844 was published May 24, 2022
An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response... Moderate Unreviewed
CVE-2020-13413 was published May 24, 2022
wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing... Moderate Unreviewed
CVE-2020-11713 was published May 24, 2022
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the... Moderate Unreviewed
CVE-2019-5135 was published May 24, 2022
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example... Moderate Unreviewed
CVE-2020-7959 was published May 24, 2022
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote... Moderate Unreviewed
CVE-2020-6400 was published May 24, 2022
Non-constant time comparison of inbound TCP agent connection secret Moderate
CVE-2020-2101 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Non-constant time HMAC comparison Moderate
CVE-2020-2102 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1... Moderate Unreviewed
CVE-2019-18222 was published May 24, 2022
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185.... Moderate Unreviewed
CVE-2019-16516 was published May 24, 2022
GnuTLS incorrectly validates the first byte of padding in CBC modes Moderate Unreviewed
CVE-2015-8313 was published May 24, 2022
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the... Low Unreviewed
CVE-2019-13456 was published May 24, 2022
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to... Moderate Unreviewed
CVE-2015-0837 was published May 24, 2022
On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power... Moderate Unreviewed
CVE-2019-14358 was published May 24, 2022
** DISPUTED ** On Coldcard MK1 and MK2 devices, a side channel for the row-based OLED display was... Moderate Unreviewed
CVE-2019-14356 was published May 24, 2022
Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the... Moderate Unreviewed
CVE-2019-15809 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database