GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
660 advisories
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being...
Moderate | Unreviewed | CVE-2020-1968 was published May 24, 2022
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate...
Moderate | Unreviewed | CVE-2023-5872 was published Apr 16, 2026
The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2024-11297 was published Dec 20, 2024
The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid...
Low | Unreviewed | CVE-2025-67806 was published Apr 1, 2026
On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found....
Low | Unreviewed | CVE-2019-14360 was published May 24, 2022
User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to...
Moderate | Unreviewed | CVE-2026-26895 was published Apr 2, 2026
A timing side-channel issue was addressed with improvements to constant-time computation in...
Moderate | Unreviewed | CVE-2024-23218 was published Jan 23, 2024
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is...
Moderate | Unreviewed | CVE-2024-27839 was published May 14, 2024
Parse Server has a protected field change detection oracle via LiveQuery watch parameter
Moderate | CVE-2026-33429 was published for parse-server (npm) Mar 20, 2026
Theoretically, it would be possible for an attacker to brute-force the password for an instance...
High | Unreviewed | CVE-2024-0436 was published Feb 26, 2024
IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable...
Moderate | Unreviewed | CVE-2023-50306 was published Feb 20, 2024
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
High | CVE-2023-50782 was published for cryptography (pip) Feb 5, 2024
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
High | CVE-2023-51437 was published for org.apache.pulsar:pulsar-broker-auth-sasl (Maven) Feb 7, 2024
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security...
Moderate | Unreviewed | CVE-2021-3011 was published May 24, 2022
In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into...
Low | Unreviewed | CVE-2026-3580 was published Mar 19, 2026
wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64...
Low | Unreviewed | CVE-2026-3579 was published Mar 19, 2026
l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it...
Critical | Unreviewed | CVE-2024-25190 was published Feb 8, 2024
The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet...
Moderate | Unreviewed | CVE-2005-0918 was published May 1, 2022
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given...
Moderate | Unreviewed | CVE-2004-1602 was published Apr 29, 2022
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an...
Moderate | Unreviewed | CVE-2003-0190 was published Apr 29, 2022
Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a...
Moderate | Unreviewed | CVE-2003-0637 was published Apr 29, 2022
IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to...
Moderate | Unreviewed | CVE-2023-38362 was published Mar 4, 2024
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing...
Moderate | Unreviewed | CVE-2024-23170 was published Jan 31, 2024
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it...
Critical | Unreviewed | CVE-2024-25189 was published Feb 8, 2024
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as...
Moderate | Unreviewed | CVE-2023-5992 was published Jan 31, 2024