GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,132
Erlang
29
GitHub Actions
19
Go
1,937
Maven
5,000+
npm
3,676
NuGet
642
pip
3,292
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
Jetty vulnerable to exposure of sensitive information due to observable discrepancy
High
CVE-2017-9735
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Timing attacks might allow practical recovery of the long-term private key
High
CVE-2019-10764
was published
for
simplito/elliptic-php
(Composer)
Nov 20, 2019
Observable Timing Discrepancy in OpenMage LTS
High
CVE-2020-15151
was published
for
openmage/magento-lts
(Composer)
Aug 19, 2020
/user/sessions endpoint allows detecting valid accounts
High
GHSA-7vwg-39h8-8qp8
was published
for
ezsystems/ezplatform-rest
(Composer)
Mar 11, 2021
/user/sessions endpoint allows detecting valid accounts
High
GHSA-gmrf-99gw-vvwj
was published
for
ezsystems/ezpublish-kernel
(Composer)
Mar 11, 2021
Symfony Http-Kernel has non-constant time comparison in UriSigner
High
CVE-2019-18887
was published
for
symfony/http-kernel
(Composer)
Mar 26, 2022
Legion of the Bouncy Castle Java Cryptography API Bleichenbacher Oracle Vulnerability
High
CVE-2007-6721
was published
for
bouncycastle:bcprov-jdk14
(Maven)
May 1, 2022
phpMyAdmin Unsafe comparison of XSRF/CSRF token
High
CVE-2016-2041
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
Pterodactyl vulnerable to 2FA Sniffing
High
CVE-2019-1020002
was published
for
pterodactyl/panel
(Composer)
May 24, 2022
Magento Signature verification bypass
High
CVE-2020-9588
was published
for
magento/community-edition
(Composer)
May 24, 2022
fastify-bearer-auth vulnerable to Timing Attack Vector
High
CVE-2022-31142
was published
for
@fastify/bearer-auth
(npm)
Jul 15, 2022
Atlantis Events vulnerable to Timing Attack
High
CVE-2022-24912
was published
for
github.com/runatlantis/atlantis
(Go)
Jul 30, 2022
cocagne pysrp vulnerable to side channel leaks
High
CVE-2021-4286
was published
for
srp
(pip)
Dec 27, 2022
Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator
High
CVE-2022-3143
was published
for
org.wildfly.security:wildfly-elytron
(Maven)
Jan 13, 2023
Observable timing discrepancy in JOpenId
High
CVE-2010-10006
was published
for
org.expressme:JOpenId
(Maven)
Jan 18, 2023
Marvin Attack of RSA and RSAOAEP decryption in jsrsasign
High
CVE-2024-21484
was published
for
jsrsasign
(npm)
Jan 19, 2024
Minerva timing attack on P-256 in python-ecdsa
High
CVE-2024-23342
was published
for
ecdsa
(pip)
Jan 22, 2024
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
High
CVE-2023-50782
was published
for
cryptography
(pip)
Feb 5, 2024
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
High
CVE-2023-51437
was published
for
org.apache.pulsar:pulsar-broker-auth-sasl
(Maven)
Feb 7, 2024
ProTip!
Advisories are also available from the
GraphQL API