GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22 advisories

Timing attacks might allow practical recovery of the long-term private key High
CVE-2019-10764 was published for simplito/elliptic-php (Composer) Nov 20, 2019
User enumeration leak using switch user functionality in Symfony Moderate
CVE-2019-18886 was published for symfony/security-http (Composer) Dec 2, 2019
Information Disclosure in Password Reset Low
CVE-2020-11063 was published for typo3/cms (Composer) May 13, 2020
Observable Timing Discrepancy in OpenMage LTS High
CVE-2020-15151 was published for openmage/magento-lts (Composer) Aug 19, 2020
/user/sessions endpoint allows detecting valid accounts High
GHSA-7vwg-39h8-8qp8 was published for ezsystems/ezplatform-rest (Composer) Mar 11, 2021
/user/sessions endpoint allows detecting valid accounts High
GHSA-gmrf-99gw-vvwj was published for ezsystems/ezpublish-kernel (Composer) Mar 11, 2021
Prevent user enumeration using Guard or the new Authenticator-based Security Moderate
CVE-2021-21424 was published for lexik/jwt-authentication-bundle (Composer) May 13, 2021
Observable Response Discrepancy in Lost Password Service Moderate
CVE-2021-39189 was published for pimcore/pimcore (Composer) Sep 20, 2021
Exposure of Sensitive Information in snipe/snipe-it Moderate
CVE-2022-0569 was published for snipe/snipe-it (Composer) Feb 15, 2022
Symfony Http-Kernel has non-constant time comparison in UriSigner High
CVE-2019-18887 was published for symfony/http-kernel (Composer) Mar 26, 2022
Discoverability of user password hash in Statamic CMS Low
CVE-2022-24784 was published for statamic/cms (Composer) Mar 29, 2022
phpMyAdmin Unsafe comparison of XSRF/CSRF token High
CVE-2016-2041 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Pterodactyl vulnerable to 2FA Sniffing High
CVE-2019-1020002 was published for pterodactyl/panel (Composer) May 24, 2022
Pagekit User enumeration Moderate
CVE-2019-16669 was published for pagekit/pagekit (Composer) May 24, 2022
Magento Signature verification bypass High
CVE-2020-9588 was published for magento/community-edition (Composer) May 24, 2022
Magento observable timing discrepancy vulnerability Moderate
CVE-2020-9690 was published for magento/community-edition (Composer) May 24, 2022
TYPO3 CMS vulnerable to User Enumeration via Response Timing Moderate
CVE-2022-36105 was published for typo3/cms (Composer) Sep 16, 2022
Snipe-IT allows attackers to check whether a user account exists Moderate
CVE-2022-44381 was published for snipe/snipe-it (Composer) Dec 25, 2022
Barzahlen Payment Module PHP SDK vulnerable to Observable Timing Discrepancy Moderate
CVE-2016-15015 was published for barzahlen/barzahlen-php (Composer) Jan 8, 2023
Economizzer user enumeration vulnerability Moderate
CVE-2023-38871 was published for gugoan/economizzer (Composer) Sep 28, 2023
yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation Low
CVE-2023-50708 was published for yiisoft/yii2-authclient (Composer) Dec 18, 2023
PHPECC vulnerable to multiple cryptographic side-channel attacks Critical
GHSA-346h-749j-r28w was published for mdanter/ecc (Composer) Apr 25, 2024