GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
24 advisories
Kimai: Username enumeration via timing on X-AUTH-USER
Low
GHSA-jrc6-fmhw-fpq2
was published
for
kimai/kimai
(Composer)
Apr 17, 2026
ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint
Low
CVE-2026-33877
was published
for
apostrophe
(npm)
Apr 16, 2026
Note Mark: Username Enumeration via Login Endpoint Timing Side-Channel
Low
CVE-2026-40263
was published
for
github.com/enchant97/note-mark/backend
(Go)
Apr 13, 2026
phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()
Low
CVE-2026-40194
was published
for
phpseclib/phpseclib
(Composer)
Apr 10, 2026
Hono added timing comparison hardening in basicAuth and bearerAuth
Low
GHSA-gq3j-xvxp-8hrf
was published
for
hono
(npm)
Feb 19, 2026
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching
Low
CVE-2025-46570
was published
for
vllm
(pip)
May 28, 2025
Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication
Low
CVE-2024-45052
was published
for
ethyca-fides
(pip)
Sep 4, 2024
Non-constant time webhook token comparison in Jenkins GitLab Plugin
Low
CVE-2022-43411
was published
for
org.jenkins-ci.plugins:gitlab-plugin
(Maven)
Oct 19, 2022
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin
Low
CVE-2022-43412
was published
for
org.jenkins-ci.plugins:generic-webhook-trigger
(Maven)
Oct 19, 2022
Jenkins GitHub plugin uses weak webhook signature function
Low
CVE-2022-36885
was published
for
com.coravy.hudson.plugins.github:github
(Maven)
Jul 28, 2022
Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin
Low
CVE-2022-23106
was published
for
io.jenkins:configuration-as-code
(Maven)
Jan 21, 2022
ProTip!
Advisories are also available from the
GraphQL API