GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
512 advisories
Filter by severity
Timing attacks might allow practical recovery of the long-term private key
High
CVE-2019-10764
was published
for
simplito/elliptic-php
(Composer)
Nov 20, 2019
/user/sessions endpoint allows detecting valid accounts
High
GHSA-7vwg-39h8-8qp8
was published
for
ezsystems/ezplatform-rest
(Composer)
Mar 11, 2021
/user/sessions endpoint allows detecting valid accounts
High
GHSA-gmrf-99gw-vvwj
was published
for
ezsystems/ezpublish-kernel
(Composer)
Mar 11, 2021
Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator
High
CVE-2022-3143
was published
for
org.wildfly.security:wildfly-elytron
(Maven)
Jan 13, 2023
The pointer-validation logic in util/mem_util.rs in Occlum before 0.26.0 for Intel SGX acts as a...
Moderate
Unreviewed
CVE-2021-44421
was published
Mar 11, 2022
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised...
High
Unreviewed
CVE-2020-36517
was published
Mar 11, 2022
In People, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2021-39775
was published
Mar 31, 2022
In Framework, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2021-39756
was published
Mar 31, 2022
In DevicePolicyManager, there is a possible way to reveal the existence of an installed package...
Moderate
Unreviewed
CVE-2021-39755
was published
Mar 31, 2022
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without...
Moderate
Unreviewed
CVE-2021-39745
was published
Mar 31, 2022
In Media, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2021-39761
was published
Mar 31, 2022
In AudioService, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2021-39760
was published
Mar 31, 2022
In ContextImpl, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2021-39754
was published
Mar 31, 2022
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without...
Moderate
Unreviewed
CVE-2021-39744
was published
Mar 31, 2022
In VpnManagerService, there is a possible disclosure of installed VPN packages due to side...
Moderate
Unreviewed
CVE-2021-39773
was published
Mar 31, 2022
In WallpaperManagerService, there is a possible way to determine whether an app is installed,...
Moderate
Unreviewed
CVE-2021-39791
was published
Mar 31, 2022
In TelecomManager, there is a possible way to check if a particular self managed phone account...
Moderate
Unreviewed
CVE-2021-39788
was published
Mar 31, 2022
In Settings, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2021-39766
was published
Mar 31, 2022
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due...
Moderate
Unreviewed
CVE-2022-22356
was published
Apr 6, 2022
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker...
High
Unreviewed
CVE-2021-20049
was published
Dec 24, 2021
Observable Discrepancy in BouncyCastle
Moderate
CVE-2017-13098
was published
for
org.bouncycastle:bcprov-jdk15on
(Maven)
May 13, 2022
Observable discrepancies in the login process allow an attacker to guess legitimate user names...
Moderate
Unreviewed
CVE-2021-45925
was published
Oct 24, 2022
TYPO3 CMS vulnerable to User Enumeration via Response Timing
Moderate
CVE-2022-36105
was published
for
typo3/cms
(Composer)
Sep 16, 2022
Observable Discrepancy in Wildfly Elytron
Moderate
CVE-2021-3642
was published
for
org.wildfly.security:wildfly-elytron
(Maven)
May 24, 2022
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1...
Moderate
Unreviewed
CVE-2019-18222
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API