GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
56 advisories
Filter by severity
Some Honor products are affected by incorrect privilege assignment vulnerability, successful...
Low
Unreviewed
CVE-2024-47149
was published
Dec 26, 2024
Some Honor products are affected by information leak vulnerability, successful exploitation could...
Low
Unreviewed
CVE-2024-47150
was published
Dec 26, 2024
Some Honor products are affected by information leak vulnerability, successful exploitation could...
Low
Unreviewed
CVE-2024-47156
was published
Dec 26, 2024
Information Disclosure in Password Reset
Low
CVE-2020-11063
was published
for
typo3/cms
(Composer)
May 13, 2020
i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden...
Low
Unreviewed
CVE-2023-36325
was published
Oct 9, 2024
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are...
Low
Unreviewed
CVE-2024-21251
was published
Oct 15, 2024
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition...
Low
Unreviewed
CVE-2024-21208
was published
Oct 15, 2024
Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are...
Low
Unreviewed
CVE-2024-21210
was published
Oct 15, 2024
This issue was addressed by restricting options offered on a locked device. This issue is fixed...
Low
Unreviewed
CVE-2022-46724
was published
Aug 15, 2023
1Panel's password verification is suspected to have a timing attack vulnerability
Low
CVE-2024-30257
was published
for
github.com/1Panel-dev/1Panel
(Go)
Apr 18, 2024
IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user...
Low
Unreviewed
CVE-2024-31870
was published
Jun 15, 2024
s2n-tls has a potentially observable differences in RSA premaster secret handling
Low
GHSA-52xf-5p2m-9wrv
was published
for
s2n-tls
(Rust)
Jun 6, 2024
** DISPUTED ** On BC Vault devices, a side channel for the row-based SSD1309 OLED display was...
Low
Unreviewed
CVE-2019-14359
was published
May 24, 2022
** DISPUTED ** On Mooltipass Mini devices, a side channel for the row-based OLED display was...
Low
Unreviewed
CVE-2019-14357
was published
May 24, 2022
** DISPUTED ** On ShapeShift KeepKey devices, a side channel for the row-based OLED display was...
Low
Unreviewed
CVE-2019-14355
was published
May 24, 2022
In placeCall of TelecomManager.java, there is a possible way to determine whether an app is...
Low
Unreviewed
CVE-2022-20531
was published
Dec 20, 2022
An information disclosure vulnerability exists on ARM implementations that use speculative...
Low
Unreviewed
CVE-2020-1459
was published
May 24, 2022
Non-constant time webhook token comparison in Jenkins GitLab Plugin
Low
CVE-2022-43411
was published
for
org.jenkins-ci.plugins:gitlab-plugin
(Maven)
Oct 19, 2022
Jenkins GitHub plugin uses weak webhook signature function
Low
CVE-2022-36885
was published
for
com.coravy.hudson.plugins.github:github
(Maven)
Jul 28, 2022
Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin
Low
CVE-2022-23106
was published
for
io.jenkins:configuration-as-code
(Maven)
Jan 21, 2022
yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation
Low
CVE-2023-50708
was published
for
yiisoft/yii2-authclient
(Composer)
Dec 18, 2023
In Package Manager, there is a possible way to determine whether an app is installed, without...
Low
Unreviewed
CVE-2023-21349
was published
Oct 30, 2023
In Window Manager, there is a possible way to determine whether an app is installed, without...
Low
Unreviewed
CVE-2023-21348
was published
Oct 30, 2023
In Game Manager Service, there is a possible way to determine whether an app is installed,...
Low
Unreviewed
CVE-2023-21345
was published
Oct 30, 2023
Jenkins Tuleap Authentication Plugin non-constant time token comparison
Low
CVE-2023-40343
was published
for
io.jenkins.plugins:tuleap-oauth
(Maven)
Aug 16, 2023
ProTip!
Advisories are also available from the
GraphQL API