GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
323 advisories
Filter by severity
Under certain circumstances a C•CURE Portal user could enumerate user accounts in C•CURE 9000...
Moderate
Unreviewed
CVE-2021-36201
was published
Jul 6, 2023
Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify...
Moderate
Unreviewed
CVE-2023-35698
was published
Jul 10, 2023
A potential power side-channel vulnerability in some AMD processors may allow an authenticated...
Moderate
Unreviewed
CVE-2023-20575
was published
Jul 11, 2023
Tadiran Telecom Aeonix - CWE-204: Observable Response Discrepancy
Moderate
Unreviewed
CVE-2023-37217
was published
Jul 30, 2023
A potential power side-channel vulnerability in
AMD processors may allow an authenticated...
Moderate
Unreviewed
CVE-2023-20583
was published
Aug 1, 2023
User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could...
Moderate
Unreviewed
CVE-2023-3221
was published
Sep 4, 2023
User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this...
Moderate
Unreviewed
CVE-2023-4095
was published
Sep 19, 2023
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software...
Moderate
Unreviewed
CVE-2023-44216
was published
Sep 27, 2023
A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All...
Moderate
Unreviewed
CVE-2023-43623
was published
Oct 10, 2023
A timing-based side-channel exists in the rust-openssl package, which could be sufficient to...
Moderate
Unreviewed
CVE-2024-3296
was published
Apr 4, 2024
Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy
Moderate
Unreviewed
CVE-2023-31186
was published
May 30, 2023
Pagekit User enumeration
Moderate
CVE-2019-16669
was published
for
pagekit/pagekit
(Composer)
May 24, 2022
A timing side-channel vulnerability has been discovered in the opencryptoki package while...
Moderate
Unreviewed
CVE-2024-0914
was published
Jan 31, 2024
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be...
Moderate
Unreviewed
CVE-2024-2467
was published
Apr 25, 2024
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the...
Moderate
Unreviewed
CVE-2020-14002
was published
May 24, 2022
Mealie1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users...
Moderate
Unreviewed
CVE-2022-34623
was published
Aug 20, 2022
IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by...
Moderate
Unreviewed
CVE-2024-31878
was published
Jun 7, 2024
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the...
Moderate
Unreviewed
CVE-2023-20569
was published
Aug 8, 2023
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
Moderate
CVE-2024-30171
was published
for
BouncyCastle
(Maven)
May 14, 2024
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature...
Moderate
Unreviewed
CVE-2022-30332
was published
Jan 10, 2023
curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Moderate
GHSA-x4gp-pqpj-f43q
was published
for
curve25519-dalek
(Rust)
Jun 18, 2024
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK...
Moderate
Unreviewed
CVE-2024-0553
was published
Jan 16, 2024
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the...
Moderate
Unreviewed
CVE-2023-6240
was published
Feb 4, 2024
ProTip!
Advisories are also available from the
GraphQL API