Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,499
Maven
5,000+
npm
4,138
NuGet
735
pip
3,945
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

613 advisories

Loading
In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could... Critical Unreviewed
CVE-2022-40895 was published Oct 6, 2022
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the... Low Unreviewed
CVE-2019-13456 was published May 24, 2022
RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1... Moderate Unreviewed
CVE-2019-3732 was published May 24, 2022
RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions... Moderate Unreviewed
CVE-2019-3731 was published May 24, 2022
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password... Moderate Unreviewed
CVE-2019-16394 was published May 24, 2022
An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached ... Moderate Unreviewed
CVE-2019-11465 was published May 24, 2022
Search Guard versions before 21.0 had an timing side channel issue when using the internal user... Moderate Unreviewed
CVE-2019-13420 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers... Moderate Unreviewed
CVE-2019-13599 was published May 24, 2022
If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous... High Unreviewed
CVE-2019-9815 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers... Moderate Unreviewed
CVE-2019-13383 was published May 24, 2022
** DISPUTED ** The AES instructions on the ARMv8 platform do not have an algorithm that is ... High Unreviewed
CVE-2022-48251 was published Jan 10, 2023
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ... Moderate Unreviewed
CVE-2022-24043 was published May 21, 2022
An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 &... High Unreviewed
CVE-2021-22892 was published May 24, 2022
In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is... Moderate Unreviewed
CVE-2022-20538 was published Dec 19, 2022
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source... Low Unreviewed
CVE-2022-32296 was published Jun 6, 2022
In LauncherApps, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2022-20293 was published Aug 13, 2022
In Content, there is a possible way to determinate the user's account due to side channel... Moderate Unreviewed
CVE-2022-20304 was published Aug 13, 2022
In AppOpsService, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2022-20291 was published Aug 13, 2022
In PackageInstaller, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2022-20309 was published Aug 13, 2022
In AlarmManagerService, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2022-20307 was published Aug 13, 2022
A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance ... High Unreviewed
CVE-2022-20866 was published Aug 11, 2022
A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue... Moderate Unreviewed
CVE-2022-4543 was published Jan 11, 2023
TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for... High Unreviewed
CVE-2022-4499 was published Jan 11, 2023
In ContentResolver, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2022-20316 was published Aug 13, 2022
Timing attack on HMAC signature comparison in Apache Tapestry Critical
CVE-2019-10071 was published for org.apache.tapestry:tapestry-core (Maven) Sep 26, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database