GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
613 advisories
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers...
Moderate
Unreviewed
CVE-2019-13599 was published May 24, 2022
An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached ...
Moderate
Unreviewed
CVE-2019-11465 was published May 24, 2022
In situations where an attacker receives automated notification of the success or failure of a...
Moderate
Unreviewed
CVE-2019-1563 was published May 24, 2022
Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that...
Moderate
Unreviewed
CVE-2019-13140 was published May 24, 2022
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password...
Moderate
Unreviewed
CVE-2019-16394 was published May 24, 2022
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through...
Moderate
Unreviewed
CVE-2019-3740 was published May 24, 2022
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing...
Moderate
Unreviewed
CVE-2019-3739 was published May 24, 2022
Pagekit User enumeration
Moderate
CVE-2019-16669 was published for pagekit/pagekit (Composer) May 24, 2022
It was discovered that there was an ECDSA timing attack in the libgcrypt20 cryptographic library....
Moderate
Unreviewed
CVE-2019-13627 was published May 24, 2022
In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6...
Moderate
Unreviewed
CVE-2019-6651 was published May 24, 2022
RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions...
Moderate
Unreviewed
CVE-2019-3731 was published May 24, 2022
RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1...
Moderate
Unreviewed
CVE-2019-3732 was published May 24, 2022
wolfCrypt leaks cryptographic information via timing side channel
Moderate
CVE-2019-13628 was published for wolfcrypt (pip) May 24, 2022
Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the...
Moderate
Unreviewed
CVE-2019-15809 was published May 24, 2022
** DISPUTED ** On Coldcard MK1 and MK2 devices, a side channel for the row-based OLED display was...
Moderate
Unreviewed
CVE-2019-14356 was published May 24, 2022
On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power...
Moderate
Unreviewed
CVE-2019-14358 was published May 24, 2022
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to...
Moderate
Unreviewed
CVE-2015-0837 was published May 24, 2022
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the...
Low
Unreviewed
CVE-2019-13456 was published May 24, 2022
GnuTLS incorrectly validates the first byte of padding in CBC modes
Moderate
Unreviewed
CVE-2015-8313 was published May 24, 2022
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1...
Moderate
Unreviewed
CVE-2019-18222 was published May 24, 2022
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185....
Moderate
Unreviewed
CVE-2019-16516 was published May 24, 2022
Non-constant time comparison of inbound TCP agent connection secret
Moderate
CVE-2020-2101 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
Non-constant time HMAC comparison
Moderate
CVE-2020-2102 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote...
Moderate
Unreviewed
CVE-2020-6400 was published May 24, 2022
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example...
Moderate
Unreviewed
CVE-2020-7959 was published May 24, 2022