GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
69 advisories
Filter by severity
Timing attacks might allow practical recovery of the long-term private key
High
CVE-2019-10764
was published
for
simplito/elliptic-php
(Composer)
Nov 20, 2019
/user/sessions endpoint allows detecting valid accounts
High
GHSA-7vwg-39h8-8qp8
was published
for
ezsystems/ezplatform-rest
(Composer)
Mar 11, 2021
/user/sessions endpoint allows detecting valid accounts
High
GHSA-gmrf-99gw-vvwj
was published
for
ezsystems/ezpublish-kernel
(Composer)
Mar 11, 2021
Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator
High
CVE-2022-3143
was published
for
org.wildfly.security:wildfly-elytron
(Maven)
Jan 13, 2023
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised...
High
Unreviewed
CVE-2020-36517
was published
Mar 11, 2022
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker...
High
Unreviewed
CVE-2021-20049
was published
Dec 24, 2021
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2...
High
Unreviewed
CVE-2021-38562
was published
May 24, 2022
fastify-bearer-auth vulnerable to Timing Attack Vector
High
CVE-2022-31142
was published
for
@fastify/bearer-auth
(npm)
Jul 15, 2022
TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for...
High
Unreviewed
CVE-2022-4499
was published
Jan 11, 2023
A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance ...
High
Unreviewed
CVE-2022-20866
was published
Aug 11, 2022
An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 &...
High
Unreviewed
CVE-2021-22892
was published
May 24, 2022
** DISPUTED ** The AES instructions on the ARMv8 platform do not have an algorithm that is ...
High
Unreviewed
CVE-2022-48251
was published
Jan 10, 2023
If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous...
High
Unreviewed
CVE-2019-9815
was published
May 24, 2022
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can...
High
Unreviewed
CVE-2021-34575
was published
May 24, 2022
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks...
High
Unreviewed
CVE-2021-33560
was published
May 24, 2022
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users...
High
Unreviewed
CVE-2021-34580
was published
May 24, 2022
Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to...
High
Unreviewed
CVE-2022-37459
was published
Aug 18, 2022
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU...
High
Unreviewed
CVE-2021-46778
was published
Aug 11, 2022
On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2),...
High
Unreviewed
CVE-2017-6168
was published
May 13, 2022
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys...
High
Unreviewed
CVE-2016-6489
was published
May 13, 2022
Observable Timing Discrepancy in OpenMage LTS
High
CVE-2020-15151
was published
for
openmage/magento-lts
(Composer)
Aug 19, 2020
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.
High
Unreviewed
CVE-2019-10233
was published
May 13, 2022
In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow...
High
Unreviewed
CVE-2019-6602
was published
May 13, 2022
Pterodactyl vulnerable to 2FA Sniffing
High
CVE-2019-1020002
was published
for
pterodactyl/panel
(Composer)
May 24, 2022
A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected...
High
Unreviewed
CVE-2013-10006
was published
Jan 1, 2023
ProTip!
Advisories are also available from the
GraphQL API