Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,131
Erlang
29
GitHub Actions
19
Go
1,936
Maven
5,000+
npm
3,676
NuGet
642
pip
3,292
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

466 advisories

Loading
IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based... High Unreviewed
CVE-2023-32342 was published May 31, 2023
When supplied with a random MAC address, Snap One OvrC cloud servers will return... Moderate Unreviewed
CVE-2023-28412 was published May 22, 2023
Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215,... Moderate Unreviewed
CVE-2023-23449 was published May 15, 2023
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be... Moderate Unreviewed
CVE-2022-40482 was published Apr 25, 2023
A username enumeration issue was discovered in Medicine Tracker System 1.0. The login... Moderate Unreviewed
CVE-2023-30458 was published Apr 24, 2023
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal... Moderate Unreviewed
CVE-2021-31866 was published May 24, 2022
The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular... Moderate Unreviewed
CVE-2020-11735 was published May 24, 2022
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example... Moderate Unreviewed
CVE-2020-7959 was published May 24, 2022
GnuTLS incorrectly validates the first byte of padding in CBC modes Moderate Unreviewed
CVE-2015-8313 was published May 24, 2022
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to... Moderate Unreviewed
CVE-2015-0837 was published May 24, 2022
On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power... Moderate Unreviewed
CVE-2019-14358 was published May 24, 2022
Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the... Moderate Unreviewed
CVE-2019-15809 was published May 24, 2022
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library.... Moderate Unreviewed
CVE-2019-13627 was published May 24, 2022
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing... Moderate Unreviewed
CVE-2019-3739 was published May 24, 2022
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through... Moderate Unreviewed
CVE-2019-3740 was published May 24, 2022
Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that... Moderate Unreviewed
CVE-2019-13140 was published May 24, 2022
In situations where an attacker receives automated notification of the success or failure of a... Moderate Unreviewed
CVE-2019-1563 was published May 24, 2022
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are... Moderate Unreviewed
CVE-2019-13377 was published May 24, 2022
HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts... Moderate Unreviewed
CVE-2019-12743 was published May 24, 2022
Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability Moderate Unreviewed
CVE-2014-4156 was published May 17, 2022
Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth... Moderate Unreviewed
CVE-2020-25200 was published May 24, 2022
** DISPUTED ** On Mooltipass Mini devices, a side channel for the row-based OLED display was... Low Unreviewed
CVE-2019-14357 was published May 24, 2022
** DISPUTED ** On BC Vault devices, a side channel for the row-based SSD1309 OLED display was... Low Unreviewed
CVE-2019-14359 was published May 24, 2022
** DISPUTED ** On ShapeShift KeepKey devices, a side channel for the row-based OLED display was... Low Unreviewed
CVE-2019-14355 was published May 24, 2022
** DISPUTED ** On Coldcard MK1 and MK2 devices, a side channel for the row-based OLED display was... Moderate Unreviewed
CVE-2019-14356 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database