Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

613 advisories

Loading
A potential security vulnerability has been reported in the system BIOS of certain HP PC products... High Unreviewed
CVE-2023-5410 was published Mar 12, 2024
User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This... Moderate Unreviewed
CVE-2024-25651 was published Mar 14, 2024
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack... Moderate Unreviewed
CVE-2023-5388 was published Mar 19, 2024
Umbraco possible user enumeration Low
CVE-2024-28868 was published for UmbracoCMS (NuGet) Mar 20, 2024
poan21
This issue occurs during password recovery, where a difference in messages could allow an... Moderate Unreviewed
CVE-2024-2464 was published Mar 21, 2024
A timing-based side-channel exists in the rust-openssl package, which could be sufficient to... Moderate Unreviewed
CVE-2024-3296 was published Apr 4, 2024
Windows DNS Server Remote Code Execution Vulnerability High Unreviewed
CVE-2024-26221 was published Apr 9, 2024
1Panel's password verification is suspected to have a timing attack vulnerability Low
CVE-2024-30257 was published for github.com/1Panel-dev/1Panel (Go) Apr 18, 2024
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be... Moderate Unreviewed
CVE-2024-2467 was published Apr 25, 2024
PHPECC vulnerable to multiple cryptographic side-channel attacks Critical
GHSA-346h-749j-r28w was published for mdanter/ecc (Composer) Apr 25, 2024
In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly... Moderate Unreviewed
CVE-2024-30176 was published May 1, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames... Moderate Unreviewed
CVE-2021-20556 was published May 3, 2024
IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to... Moderate Unreviewed
CVE-2023-27283 was published May 4, 2024
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is... Moderate Unreviewed
CVE-2024-27839 was published May 14, 2024
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") Moderate
CVE-2024-30171 was published for BouncyCastle (Maven) May 14, 2024
levpachmanov
Windows MSHTML Platform Security Feature Bypass Vulnerability High Unreviewed
CVE-2024-30040 was published May 14, 2024
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Invalidate FPU... High Unreviewed
CVE-2021-47226 was published May 21, 2024
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,... Moderate Unreviewed
CVE-2020-35165 was published May 22, 2024
s2n-tls has a potentially observable differences in RSA premaster secret handling Low
GHSA-52xf-5p2m-9wrv was published for s2n-tls (Rust) Jun 6, 2024
A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically... High Unreviewed
CVE-2024-5124 was published Jun 6, 2024
IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by... Moderate Unreviewed
CVE-2024-31878 was published Jun 7, 2024
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with... High Unreviewed
CVE-2024-37880 was published Jun 10, 2024
By monitoring the time certain operations take, an attacker could have guessed which external... Moderate Unreviewed
CVE-2024-5690 was published Jun 11, 2024
A website was able to detect when a user took a screenshot of a page using the built-in... Moderate Unreviewed
CVE-2024-5697 was published Jun 11, 2024
there is a possible information disclosure due to side channel information disclosure. This could... Moderate Unreviewed
CVE-2024-32926 was published Jun 13, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database