GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
43 advisories
In getMimeGroup of PackageManagerService.java, there is a possible way to determine whether an...
Low | Unreviewed | CVE-2021-1032 was published Dec 16, 2021
In cancelNotificationsFromListener of NotificationManagerService.java, there is a possible way to...
Low | Unreviewed | CVE-2021-1031 was published Dec 16, 2021
In adjustStreamVolume of AudioService.java, there is a possible way to determine whether an app...
Low | Unreviewed | CVE-2021-1018 was published Dec 16, 2021
In getMeidForSlot of PhoneInterfaceManager.java, there is a possible way to determine whether an...
Low | Unreviewed | CVE-2021-1015 was published Dec 16, 2021
In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, there is a possible way to...
Low | Unreviewed | CVE-2021-0995 was published Dec 16, 2021
In getDeviceId of PhoneSubInfoController.java, there is a possible way to determine whether an...
Low | Unreviewed | CVE-2021-0990 was published Dec 16, 2021
In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there is a possible way to...
Low | Unreviewed | CVE-2021-0989 was published Dec 16, 2021
In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a...
Low | Unreviewed | CVE-2021-0988 was published Dec 16, 2021
In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine...
Low | Unreviewed | CVE-2021-0987 was published Dec 16, 2021
** DISPUTED ** On Mooltipass Mini devices, a side channel for the row-based OLED display was...
Low | Unreviewed | CVE-2019-14357 was published May 24, 2022
** DISPUTED ** On ShapeShift KeepKey devices, a side channel for the row-based OLED display was...
Low | Unreviewed | CVE-2019-14355 was published May 24, 2022
** DISPUTED ** On BC Vault devices, a side channel for the row-based SSD1309 OLED display was...
Low | Unreviewed | CVE-2019-14359 was published May 24, 2022
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the...
Low | Unreviewed | CVE-2019-13456 was published May 24, 2022
Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in...
Low | Unreviewed | CVE-2020-13844 was published May 24, 2022
An information disclosure vulnerability exists on ARM implementations that use speculative...
Low | Unreviewed | CVE-2020-1459 was published May 24, 2022
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted...
Low | Unreviewed | CVE-2020-16150 was published May 24, 2022
An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any...
Low | Unreviewed | CVE-2020-29480 was published May 24, 2022
Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to...
Low | Unreviewed | CVE-2020-24512 was published May 24, 2022
net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of...
Low | Unreviewed | CVE-2021-38209 was published May 24, 2022
An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0...
Low | Unreviewed | CVE-2020-25082 was published May 24, 2022
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source...
Low | Unreviewed | CVE-2022-32296 was published Jun 6, 2022
In LocaleManager, there is a possible way to determine whether an app is installed, without query...
Low | Unreviewed | CVE-2022-20251 was published Aug 12, 2022
In LocaleManager, there is a possible way to determine whether an app is installed, without query...
Low | Unreviewed | CVE-2022-20249 was published Aug 12, 2022
In PackageManager, there is a possible way to determine whether an app is installed, without...
Low | Unreviewed | CVE-2022-20252 was published Aug 12, 2022
In PackageInstaller, there is a possible way to determine whether an app is installed, without...
Low | Unreviewed | CVE-2022-20318 was published Aug 13, 2022
ProTip! Advisories are also available from the GraphQL API.