GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20 advisories
Filter by severity
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18
Moderate
GHSA-c6c4-7x48-4cqp
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19
Moderate
GHSA-9h6g-6mxg-vvp4
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator
High
CVE-2022-3143
was published
for
org.wildfly.security:wildfly-elytron
(Maven)
Jan 13, 2023
Apache Hive Information Exposure and Observable Timing Discrepancy
Moderate
CVE-2020-1926
was published
for
org.apache.hive:hive
(Maven)
Feb 9, 2022
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19
Moderate
CVE-2021-31406
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8
Moderate
CVE-2021-31403
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18
Moderate
CVE-2021-31404
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin
Low
CVE-2022-43412
was published
for
org.jenkins-ci.plugins:generic-webhook-trigger
(Maven)
Oct 19, 2022
OpenSearch has time discrepancy in authentication responses
Moderate
CVE-2023-25806
was published
for
org.opensearch.plugin:opensearch-security
(Maven)
Mar 7, 2023
Observable timing discrepancy in JOpenId
High
CVE-2010-10006
was published
for
org.expressme:JOpenId
(Maven)
Jan 18, 2023
Non-constant time webhook token hash comparison in Jenkins Zanata Plugin
Low
CVE-2023-46660
was published
for
org.jenkins-ci.plugins:zanata
(Maven)
Oct 25, 2023
Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46658
was published
for
io.jenkins.plugins:teams-webhook-trigger
(Maven)
Oct 25, 2023
Jenkins Gogs Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46657
was published
for
org.jenkins-ci.plugins:gogs-webhook
(Maven)
Oct 25, 2023
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46656
was published
for
igalg.jenkins.plugins:multibranch-scan-webhook-trigger
(Maven)
Oct 25, 2023
Non-constant time comparison of inbound TCP agent connection secret
Moderate
CVE-2020-2101
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Non-constant time HMAC comparison
Moderate
CVE-2020-2102
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin
Low
CVE-2022-23106
was published
for
io.jenkins:configuration-as-code
(Maven)
Jan 21, 2022
Observable timing discrepancy allows determining username validity in Jenkins
Moderate
CVE-2022-34174
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
Jenkins GitHub plugin uses weak webhook signature function
Low
CVE-2022-36885
was published
for
com.coravy.hudson.plugins.github:github
(Maven)
Jul 28, 2022
Non-constant time webhook token comparison in Jenkins GitLab Plugin
Low
CVE-2022-43411
was published
for
org.jenkins-ci.plugins:gitlab-plugin
(Maven)
Oct 19, 2022
ProTip!
Advisories are also available from the
GraphQL API