Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

512 advisories

Loading
An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response... High Unreviewed
CVE-2022-45177 was published Feb 21, 2024
User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported... Moderate Unreviewed
CVE-2024-26268 was published Feb 20, 2024
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable... Critical Unreviewed
CVE-2024-25714 was published Feb 11, 2024
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a... Moderate Unreviewed
CVE-2023-6935 was published Feb 10, 2024
l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it... Critical Unreviewed
CVE-2024-25190 was published Feb 8, 2024
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it... Critical Unreviewed
CVE-2024-25191 was published Feb 8, 2024
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it... Critical Unreviewed
CVE-2024-25189 was published Feb 8, 2024
Liferay Portal allows attackers to discover the existence of sites Moderate
CVE-2024-25146 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability High
CVE-2023-51437 was published for org.apache.pulsar:pulsar-broker-auth-sasl (Maven) Feb 7, 2024
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack High
CVE-2023-50782 was published for cryptography (pip) Feb 5, 2024
A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib... Moderate Unreviewed
CVE-2024-0202 was published Feb 5, 2024
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the... Moderate Unreviewed
CVE-2023-6240 was published Feb 4, 2024
Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy... Moderate Unreviewed
CVE-2021-21575 was published Feb 2, 2024
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as... Moderate Unreviewed
CVE-2023-5992 was published Jan 31, 2024
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing... Moderate Unreviewed
CVE-2024-23170 was published Jan 31, 2024
A timing side-channel vulnerability has been discovered in the opencryptoki package while... Moderate Unreviewed
CVE-2024-0914 was published Jan 31, 2024
A security vulnerability has been identified in the pkcs11-provider, which is associated with... High Unreviewed
CVE-2023-6258 was published Jan 30, 2024
A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of... Moderate Unreviewed
CVE-2024-0564 was published Jan 30, 2024
An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user... Moderate Unreviewed
CVE-2024-22647 was published Jan 30, 2024
A timing side-channel issue was addressed with improvements to constant-time computation in... Moderate Unreviewed
CVE-2024-23218 was published Jan 23, 2024
Minerva timing attack on P-256 in python-ecdsa High
CVE-2024-23342 was published for ecdsa (pip) Jan 22, 2024
tomato42
darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which... Critical Unreviewed
CVE-2024-23771 was published Jan 22, 2024
Marvin Attack of RSA and RSAOAEP decryption in jsrsasign High
CVE-2024-21484 was published for jsrsasign (npm) Jan 19, 2024
tomato42
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK... Moderate Unreviewed
CVE-2024-0553 was published Jan 16, 2024
PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption High
CVE-2023-52323 was published for pycryptodome (pip) Jan 5, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database