Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,176
Erlang
30
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

356 advisories

Loading
Systems with microprocessors utilizing speculative execution and Intel software guard extensions ... Moderate Unreviewed
CVE-2018-3615 was published May 13, 2022
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows... Moderate Unreviewed
CVE-2018-10949 was published May 13, 2022
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA... Moderate Unreviewed
CVE-2018-0495 was published May 13, 2022
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an... Moderate Unreviewed
CVE-2018-0134 was published May 13, 2022
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software... Moderate Unreviewed
CVE-2018-5407 was published May 13, 2022
Observable Discrepancy in BouncyCastle Moderate
CVE-2017-13098 was published for org.bouncycastle:bcprov-jdk15on (Maven) May 13, 2022
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls... Moderate Unreviewed
CVE-2018-16868 was published May 13, 2022
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle... Moderate Unreviewed
CVE-2018-16869 was published May 13, 2022
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1... Moderate Unreviewed
CVE-2017-15533 was published May 13, 2022
Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat ... Moderate Unreviewed
CVE-2017-18268 was published May 13, 2022
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks... Moderate Unreviewed
CVE-2019-9494 was published May 13, 2022
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel... Moderate Unreviewed
CVE-2019-9495 was published May 13, 2022
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly... Moderate Unreviewed
CVE-2016-2178 was published May 13, 2022
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to... Moderate Unreviewed
CVE-2019-1559 was published May 13, 2022
A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and... Moderate Unreviewed
CVE-2017-5107 was published May 13, 2022
Observable Discrepancy in Apache Tomcat Moderate
CVE-2016-0762 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022
sunSUNQ
Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to... Moderate Unreviewed
CVE-2021-33149 was published May 13, 2022
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The... Moderate Unreviewed
CVE-2021-33845 was published May 7, 2022
The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet... Moderate Unreviewed
CVE-2005-0918 was published May 1, 2022
The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which... Moderate Unreviewed
CVE-2004-2252 was published Apr 29, 2022
Nettica Corporation INTELLIPEER Email Server 1.01 displays different error messages for valid and... Moderate Unreviewed
CVE-2004-2150 was published Apr 29, 2022
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given... Moderate Unreviewed
CVE-2004-1602 was published Apr 29, 2022
ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of... Moderate Unreviewed
CVE-2004-1428 was published Apr 29, 2022
Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a... Moderate Unreviewed
CVE-2003-0637 was published Apr 29, 2022
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an... Moderate Unreviewed
CVE-2003-0190 was published Apr 29, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database