Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

323 advisories

Loading
Under certain circumstances a C•CURE Portal user could enumerate user accounts in C•CURE 9000... Moderate Unreviewed
CVE-2021-36201 was published Jul 6, 2023
Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify... Moderate Unreviewed
CVE-2023-35698 was published Jul 10, 2023
A potential power side-channel vulnerability in some AMD processors may allow an authenticated... Moderate Unreviewed
CVE-2023-20575 was published Jul 11, 2023
Tadiran Telecom Aeonix - CWE-204: Observable Response Discrepancy Moderate Unreviewed
CVE-2023-37217 was published Jul 30, 2023
A potential power side-channel vulnerability in AMD processors may allow an authenticated... Moderate Unreviewed
CVE-2023-20583 was published Aug 1, 2023
User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could... Moderate Unreviewed
CVE-2023-3221 was published Sep 4, 2023
User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this... Moderate Unreviewed
CVE-2023-4095 was published Sep 19, 2023
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software... Moderate Unreviewed
CVE-2023-44216 was published Sep 27, 2023
A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All... Moderate Unreviewed
CVE-2023-43623 was published Oct 10, 2023
A timing-based side-channel exists in the rust-openssl package, which could be sufficient to... Moderate Unreviewed
CVE-2024-3296 was published Apr 4, 2024
Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy Moderate Unreviewed
CVE-2023-31186 was published May 30, 2023
Pagekit User enumeration Moderate
CVE-2019-16669 was published for pagekit/pagekit (Composer) May 24, 2022
A timing side-channel vulnerability has been discovered in the opencryptoki package while... Moderate Unreviewed
CVE-2024-0914 was published Jan 31, 2024
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be... Moderate Unreviewed
CVE-2024-2467 was published Apr 25, 2024
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the... Moderate Unreviewed
CVE-2020-14002 was published May 24, 2022
Mealie1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users... Moderate Unreviewed
CVE-2022-34623 was published Aug 20, 2022
IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by... Moderate Unreviewed
CVE-2024-31878 was published Jun 7, 2024
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the... Moderate Unreviewed
CVE-2023-20569 was published Aug 8, 2023
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") Moderate
CVE-2024-30171 was published for BouncyCastle (Maven) May 14, 2024
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature... Moderate Unreviewed
CVE-2022-30332 was published Jan 10, 2023
curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub` Moderate
GHSA-x4gp-pqpj-f43q was published for curve25519-dalek (Rust) Jun 18, 2024
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK... Moderate Unreviewed
CVE-2024-0553 was published Jan 16, 2024
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the... Moderate Unreviewed
CVE-2023-6240 was published Feb 4, 2024
ProTip! Advisories are also available from the GraphQL API