GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
77 advisories
Filter by severity
express-basic-auth Timing Attack due to native string comparison instead of constant time string comparison
Low
GHSA-c35v-qwqg-87jc
was published
for
express-basic-auth
(npm)
Jun 6, 2019
Possible Information Leak / Session Hijack Vulnerability in Rack
Moderate
CVE-2019-16782
was published
for
rack
(RubyGems)
Dec 18, 2019
Potential Observable Timing Discrepancy in Wagtail
Moderate
CVE-2020-11037
was published
for
wagtail
(pip)
May 7, 2020
Timing attack on django-basic-auth-ip-whitelist
Moderate
CVE-2020-4071
was published
for
django-basic-auth-ip-whitelist
(pip)
Jun 23, 2020
Possible timing attack in derivation_endpoint
Moderate
CVE-2020-15237
was published
for
shrine
(RubyGems)
Oct 5, 2020
Activerecord-session_store Vulnerable to Timing Attack
Moderate
CVE-2019-25025
was published
for
activerecord-session_store
(RubyGems)
Mar 9, 2021
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19
Moderate
GHSA-9h6g-6mxg-vvp4
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18
Moderate
GHSA-c6c4-7x48-4cqp
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19
Moderate
CVE-2021-31406
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8
Moderate
CVE-2021-31403
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18
Moderate
CVE-2021-31404
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime
Moderate
CVE-2021-29445
was published
for
jose-node-esm-runtime
(npm)
Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime
Moderate
CVE-2021-29446
was published
for
jose-node-cjs-runtime
(npm)
Apr 19, 2021
Observable Timing Discrepancy in aaugustin websockets library
High
CVE-2021-33880
was published
for
websockets
(pip)
Jun 11, 2021
libsecp256k1 contains side-channel timing attack
High
CVE-2019-25003
was published
for
libsecp256k1
(Rust)
Aug 25, 2021
Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin
Low
CVE-2022-23106
was published
for
io.jenkins:configuration-as-code
(Maven)
Jan 21, 2022
Apache Hive Information Exposure and Observable Timing Discrepancy
Moderate
CVE-2020-1926
was published
for
org.apache.hive:hive
(Maven)
Feb 9, 2022
A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V5.6.0), RUGGEDCOM ROS...
High
Unreviewed
CVE-2021-42016
was published
Mar 9, 2022
python-jose failure to use a constant time comparison for HMAC keys
Critical
CVE-2016-7036
was published
for
python-jose
(pip)
May 17, 2022
Symfony Vulnerable to Timing Attack
High
CVE-2015-8125
was published
for
symfony/form
(Composer)
May 17, 2022
Non-constant time comparison of inbound TCP agent connection secret
Moderate
CVE-2020-2101
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Non-constant time HMAC comparison
Moderate
CVE-2020-2102
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Potential floating point value injection in all supported CPU products, in conjunction with...
Moderate
Unreviewed
CVE-2021-26314
was published
May 24, 2022
Observable Timing Discrepancy in totp-rs
Moderate
CVE-2022-29185
was published
for
totp-rs
(Rust)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API