Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

358 advisories

Loading
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library.... Moderate Unreviewed
CVE-2019-13627 was published May 24, 2022
Pagekit User enumeration Moderate
CVE-2019-16669 was published for pagekit/pagekit (Composer) May 24, 2022
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through... Moderate Unreviewed
CVE-2019-3740 was published May 24, 2022
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing... Moderate Unreviewed
CVE-2019-3739 was published May 24, 2022
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password... Moderate Unreviewed
CVE-2019-16394 was published May 24, 2022
Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that... Moderate Unreviewed
CVE-2019-13140 was published May 24, 2022
In situations where an attacker receives automated notification of the success or failure of a... Moderate Unreviewed
CVE-2019-1563 was published May 24, 2022
An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached ... Moderate Unreviewed
CVE-2019-11465 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers... Moderate Unreviewed
CVE-2019-13599 was published May 24, 2022
Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to... Moderate Unreviewed
CVE-2019-15132 was published May 24, 2022
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are... Moderate Unreviewed
CVE-2019-13377 was published May 24, 2022
Search Guard versions before 21.0 had an timing side channel issue when using the internal user... Moderate Unreviewed
CVE-2019-13420 was published May 24, 2022
HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts... Moderate Unreviewed
CVE-2019-12743 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers... Moderate Unreviewed
CVE-2019-13383 was published May 24, 2022
Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to... Moderate Unreviewed
CVE-2019-12383 was published May 24, 2022
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ... Moderate Unreviewed
CVE-2022-24043 was published May 21, 2022
Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability Moderate Unreviewed
CVE-2014-4156 was published May 17, 2022
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider... Moderate Unreviewed
CVE-2013-1620 was published May 14, 2022
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1... Moderate Unreviewed
CVE-2018-9194 was published May 13, 2022
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1... Moderate Unreviewed
CVE-2018-9192 was published May 13, 2022
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login... Moderate Unreviewed
CVE-2017-8055 was published May 13, 2022
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before... Moderate Unreviewed
CVE-2017-7006 was published May 13, 2022
Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an... Moderate Unreviewed
CVE-2017-17427 was published May 13, 2022
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA... Moderate Unreviewed
CVE-2017-1000385 was published May 13, 2022
A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505,... Moderate Unreviewed
CVE-2017-12373 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database