Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

68 advisories

Loading
Observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may... High Unreviewed
CVE-2024-28885 was published Nov 13, 2024
An issue in Sourcebans++ before v.1.8.0 allows a remote attacker to obtain sensitive information... High Unreviewed
CVE-2024-40490 was published Nov 1, 2024
mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack... High Unreviewed
CVE-2024-7010 was published Oct 29, 2024
Video frames could have been leaked between origins in some situations. This vulnerability... High Unreviewed
CVE-2024-10463 was published Oct 29, 2024
Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401,... High Unreviewed
CVE-2024-39921 was published Sep 4, 2024
Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when... High Unreviewed
CVE-2024-39830 was published Jul 3, 2024
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with... High Unreviewed
CVE-2024-37880 was published Jun 10, 2024
A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically... High Unreviewed
CVE-2024-5124 was published Jun 6, 2024
A potential security vulnerability has been reported in the system BIOS of certain HP PC products... High Unreviewed
CVE-2023-5410 was published Mar 12, 2024
An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response... High Unreviewed
CVE-2022-45177 was published Feb 21, 2024
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability High
CVE-2023-51437 was published for org.apache.pulsar:pulsar-broker-auth-sasl (Maven) Feb 7, 2024
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack High
CVE-2023-50782 was published for cryptography (pip) Feb 5, 2024
A security vulnerability has been identified in the pkcs11-provider, which is associated with... High Unreviewed
CVE-2023-6258 was published Jan 30, 2024
Minerva timing attack on P-256 in python-ecdsa High
CVE-2024-23342 was published for ecdsa (pip) Jan 22, 2024
tomato42
Marvin Attack of RSA and RSAOAEP decryption in jsrsasign High
CVE-2024-21484 was published for jsrsasign (npm) Jan 19, 2024
tomato42
PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption High
CVE-2023-52323 was published for pycryptodome (pip) Jan 5, 2024
CubeFS timing attack can leak user passwords High
CVE-2023-46739 was published for github.com/cubefs/cubefs (Go) Jan 3, 2024
AdamKorcz
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant... High Unreviewed
CVE-2023-45287 was published Dec 5, 2023
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK... High Unreviewed
CVE-2023-5981 was published Nov 28, 2023
In InputMethod, there is a possible way to determine whether an app is installed, without query... High Unreviewed
CVE-2023-21337 was published Oct 30, 2023
In Package Installer, there is a possible way to determine whether an app is installed, without... High Unreviewed
CVE-2023-21324 was published Oct 30, 2023
In Slice, there is a possible disclosure of installed applications due to side channel... High Unreviewed
CVE-2023-21298 was published Oct 30, 2023
User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. This issue occurs during... High Unreviewed
CVE-2023-36127 was published Oct 11, 2023
NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated... High Unreviewed
CVE-2023-25529 was published Sep 20, 2023
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a... High Unreviewed
CVE-2023-33850 was published Aug 22, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database