Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,494
Maven
5,000+
npm
4,129
NuGet
735
pip
3,944
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

613 advisories

Loading
fastify-bearer-auth vulnerable to Timing Attack Vector High
CVE-2022-31142 was published for @fastify/bearer-auth (npm) Jul 15, 2022
Uzlopak
The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by... Moderate Unreviewed
CVE-2022-32425 was published Jul 15, 2022
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified... Moderate Unreviewed
CVE-2022-20752 was published Jul 7, 2022
A potential vulnerability in some AMD processors using frequency scaling may allow an... Moderate Unreviewed
CVE-2022-23823 was published Jun 16, 2022
A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid... Moderate Unreviewed
CVE-2021-41634 was published Jun 25, 2022
As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore)... Moderate Unreviewed
CVE-2022-32273 was published Jun 9, 2022
Potential speculative code store bypass in all supported CPU products, in conjunction with... Moderate Unreviewed
CVE-2021-26313 was published May 24, 2022
An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could... Moderate Unreviewed
CVE-2022-0823 was published Jun 10, 2022
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted... Low Unreviewed
CVE-2020-16150 was published May 24, 2022
When binding against a DN during authentication, the reply from 389-ds-base will be different... Moderate Unreviewed
CVE-2020-35518 was published May 24, 2022
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding... Moderate Unreviewed
CVE-2021-24119 was published May 24, 2022
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs... Moderate Unreviewed
CVE-2020-27170 was published May 24, 2022
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2... High Unreviewed
CVE-2021-38562 was published May 24, 2022
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1... Moderate Unreviewed
CVE-2019-18222 was published May 24, 2022
Observable Discrepancy in Wildfly Elytron Moderate
CVE-2021-3642 was published for org.wildfly.security:wildfly-elytron (Maven) May 24, 2022
TYPO3 CMS vulnerable to User Enumeration via Response Timing Moderate
CVE-2022-36105 was published for typo3/cms (Composer) Sep 16, 2022
Vautia
Observable discrepancies in the login process allow an attacker to guess legitimate user names... Moderate Unreviewed
CVE-2021-45925 was published Oct 24, 2022
Observable Discrepancy in BouncyCastle Moderate
CVE-2017-13098 was published for org.bouncycastle:bcprov-jdk15on (Maven) May 13, 2022
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker... High Unreviewed
CVE-2021-20049 was published Dec 24, 2021
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due... Moderate Unreviewed
CVE-2022-22356 was published Apr 6, 2022
In Settings, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2021-39766 was published Mar 31, 2022
In TelecomManager, there is a possible way to check if a particular self managed phone account... Moderate Unreviewed
CVE-2021-39788 was published Mar 31, 2022
In VpnManagerService, there is a possible disclosure of installed VPN packages due to side... Moderate Unreviewed
CVE-2021-39773 was published Mar 31, 2022
In WallpaperManagerService, there is a possible way to determine whether an app is installed,... Moderate Unreviewed
CVE-2021-39791 was published Mar 31, 2022
In DevicePolicyManager, there is a possible way to reveal the existence of an installed package... Moderate Unreviewed
CVE-2021-39755 was published Mar 31, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database