GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,079
Maven
5,000+
npm
3,747
NuGet
674
pip
3,435
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+
74 advisories
Filter by severity
Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when...
High
Unreviewed
CVE-2024-39830
was published
Jul 3, 2024
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK...
High
Unreviewed
CVE-2023-5981
was published
Nov 28, 2023
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
High
CVE-2023-51437
was published
for
org.apache.pulsar:pulsar-broker-auth-sasl
(Maven)
Feb 7, 2024
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
High
CVE-2023-50782
was published
for
cryptography
(pip)
Feb 5, 2024
An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response...
High
Unreviewed
CVE-2022-45177
was published
Feb 21, 2024
Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401,...
High
Unreviewed
CVE-2024-39921
was published
Sep 4, 2024
PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption
High
CVE-2023-52323
was published
for
pycryptodome
(pip)
Jan 5, 2024
cocagne pysrp vulnerable to side channel leaks
High
CVE-2021-4286
was published
for
srp
(pip)
Dec 27, 2022
Video frames could have been leaked between origins in some situations. This vulnerability...
High
Unreviewed
CVE-2024-10463
was published
Oct 29, 2024
TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem...
High
Unreviewed
CVE-2023-34669
was published
Jul 17, 2023
A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically...
High
Unreviewed
CVE-2024-5124
was published
Jun 6, 2024
An issue in Sourcebans++ before v.1.8.0 allows a remote attacker to obtain sensitive information...
High
Unreviewed
CVE-2024-40490
was published
Nov 1, 2024
A potential security vulnerability has been reported in the system BIOS of certain HP PC products...
High
Unreviewed
CVE-2023-5410
was published
Mar 12, 2024
mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack...
High
Unreviewed
CVE-2024-7010
was published
Oct 29, 2024
Observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may...
High
Unreviewed
CVE-2024-28885
was published
Nov 13, 2024
Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack)
High
CVE-2014-9720
was published
for
tornado
(pip)
May 17, 2022
CubeFS timing attack can leak user passwords
High
CVE-2023-46739
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
Observable Timing Discrepancy in aaugustin websockets library
High
CVE-2021-33880
was published
for
websockets
(pip)
Jun 11, 2021
In the LG LAF component, there is a special command that allowed modification of certain...
High
Unreviewed
CVE-2018-9364
was published
Nov 19, 2024
An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the...
High
Unreviewed
CVE-2023-34878
was published
Jun 14, 2023
Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to...
High
Unreviewed
CVE-2023-1707
was published
Jun 13, 2023
An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows...
High
Unreviewed
CVE-2024-54767
was published
Jan 7, 2025
Windows DNS Server Remote Code Execution Vulnerability
High
Unreviewed
CVE-2024-26221
was published
Apr 9, 2024
Macrovideo v380pro v1.4.97 shares the device id and password when sharing the device.
High
Unreviewed
CVE-2023-33741
was published
May 31, 2023
ProTip!
Advisories are also available from the
GraphQL API