GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
38 advisories
httpsig-rs: HMAC verification is vulnerable to timing attack
Moderate
CVE-2025-59058
was published
for
httpsig
(Rust)
Sep 12, 2025
SignXML's signature verification with HMAC is vulnerable to a timing attack
Moderate
CVE-2025-48995
was published
for
signxml
(pip)
Jun 5, 2025
Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations
Moderate
CVE-2025-29780
was published
for
PostQuantum-Feldman-VSS
(pip)
Mar 14, 2025
Security Update for the OPC UA .NET Standard Stack
Moderate
CVE-2024-42512
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
Mar 3, 2025
Gradio performs a non-constant-time comparison when comparing hashes
Moderate
CVE-2024-47869
was published
for
gradio
(pip)
Oct 10, 2024
open-telemetry has an Observable Timing Discrepancy
Moderate
CVE-2024-42368
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension
(Go)
Aug 13, 2024
Observable timing discrepancy allows determining username validity in Jenkins
Moderate
CVE-2022-34174
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
Observable Timing Discrepancy in totp-rs
Moderate
CVE-2022-29185
was published
for
totp-rs
(Rust)
May 24, 2022
Non-constant time comparison of inbound TCP agent connection secret
Moderate
CVE-2020-2101
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Non-constant time HMAC comparison
Moderate
CVE-2020-2102
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API