GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
466 advisories
In ContentResolver, there is a possible way to determine whether an app is installed, without...
Low, Unreviewed. CVE-2022-20316 was published Aug 13, 2022.

Timing attack on HMAC signature comparison in Apache Tapestry
Critical. CVE-2019-10071 was published for org.apache.tapestry:tapestry-core (Maven) Sep 26, 2019.

fastify-bearer-auth vulnerable to Timing Attack Vector
High. CVE-2022-31142 was published for @fastify/bearer-auth (npm) Jul 15, 2022.

The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by...
Moderate, Unreviewed. CVE-2022-32425 was published Jul 15, 2022.

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified...
Moderate, Unreviewed. CVE-2022-20752 was published Jul 7, 2022.

A potential vulnerability in some AMD processors using frequency scaling may allow an...
Moderate, Unreviewed. CVE-2022-23823 was published Jun 16, 2022.

A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid...
Moderate, Unreviewed. CVE-2021-41634 was published Jun 25, 2022.

As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore)...
Moderate, Unreviewed. CVE-2022-32273 was published Jun 9, 2022.

Observable behavioral in power management throttling for some Intel(R) Processors may allow an...
Moderate, Unreviewed. CVE-2022-24436 was published Jun 16, 2022.

Potential speculative code store bypass in all supported CPU products, in conjunction with...
Moderate, Unreviewed. CVE-2021-26313 was published May 24, 2022.

An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could...
Moderate, Unreviewed. CVE-2022-0823 was published Jun 10, 2022.

A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted...
Low, Unreviewed. CVE-2020-16150 was published May 24, 2022.

When binding against a DN during authentication, the reply from 389-ds-base will be different...
Moderate, Unreviewed. CVE-2020-35518 was published May 24, 2022.

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding...
Moderate, Unreviewed. CVE-2021-24119 was published May 24, 2022.

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs...
Moderate, Unreviewed. CVE-2020-27170 was published May 24, 2022.

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2...
High, Unreviewed. CVE-2021-38562 was published May 24, 2022.

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1...
Moderate, Unreviewed. CVE-2019-18222 was published May 24, 2022.

Observable Discrepancy in Wildfly Elytron
Moderate. CVE-2021-3642 was published for org.wildfly.security:wildfly-elytron (Maven) May 24, 2022.

TYPO3 CMS vulnerable to User Enumeration via Response Timing
Moderate. CVE-2022-36105 was published for typo3/cms (Composer) Sep 16, 2022.

Observable discrepancies in the login process allow an attacker to guess legitimate user names...
Moderate, Unreviewed. CVE-2021-45925 was published Oct 24, 2022.

Observable Discrepancy in BouncyCastle
Moderate. CVE-2017-13098 was published for org.bouncycastle:bcprov-jdk15on (Maven) May 13, 2022.

A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker...
High, Unreviewed. CVE-2021-20049 was published Dec 24, 2021.

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due...
Moderate, Unreviewed. CVE-2022-22356 was published Apr 6, 2022.

In WallpaperManagerService, there is a possible way to determine whether an app is installed,...
Moderate, Unreviewed. CVE-2021-39791 was published Mar 31, 2022.

In Settings, there is a possible way to determine whether an app is installed, without query...
Moderate, Unreviewed. CVE-2021-39766 was published Mar 31, 2022.