GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
323 advisories
Filter by severity
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The...
Moderate
Unreviewed
CVE-2021-33845
was published
May 7, 2022
A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and...
Moderate
Unreviewed
CVE-2017-5107
was published
May 13, 2022
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to...
Moderate
Unreviewed
CVE-2019-1559
was published
May 13, 2022
User enumeration leak using switch user functionality in Symfony
Moderate
CVE-2019-18886
was published
for
symfony/security-http
(Composer)
Dec 2, 2019
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel...
Moderate
Unreviewed
CVE-2019-9495
was published
May 13, 2022
Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat ...
Moderate
Unreviewed
CVE-2017-18268
was published
May 13, 2022
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks...
Moderate
Unreviewed
CVE-2019-9494
was published
May 13, 2022
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1...
Moderate
Unreviewed
CVE-2017-15533
was published
May 13, 2022
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle...
Moderate
Unreviewed
CVE-2018-16869
was published
May 13, 2022
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls...
Moderate
Unreviewed
CVE-2018-16868
was published
May 13, 2022
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software...
Moderate
Unreviewed
CVE-2018-5407
was published
May 13, 2022
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an...
Moderate
Unreviewed
CVE-2018-0134
was published
May 13, 2022
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA...
Moderate
Unreviewed
CVE-2018-0495
was published
May 13, 2022
Padding Oracle Attack due to Observable Timing Discrepancy in jose
Moderate
CVE-2021-29443
was published
for
jose
(npm)
Apr 19, 2021
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19
Moderate
CVE-2021-31406
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8
Moderate
CVE-2021-31403
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18
Moderate
CVE-2021-31404
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows...
Moderate
Unreviewed
CVE-2018-10949
was published
May 13, 2022
Observable Response Discrepancy in Flask-AppBuilder
Moderate
CVE-2021-29621
was published
for
Flask-AppBuilder
(pip)
May 27, 2021
Observable Timing Discrepancy in aaugustin websockets library
Moderate
CVE-2021-33880
was published
for
websockets
(pip)
Jun 11, 2021
Systems with microprocessors utilizing speculative execution and address translations may allow...
Moderate
Unreviewed
CVE-2018-3620
was published
May 13, 2022
Systems with microprocessors utilizing speculative execution and that perform speculative reads...
Moderate
Unreviewed
CVE-2018-3640
was published
May 13, 2022
Systems with microprocessors utilizing speculative execution and Intel software guard extensions ...
Moderate
Unreviewed
CVE-2018-3615
was published
May 13, 2022
Observable Response Discrepancy in Lost Password Service
Moderate
CVE-2021-39189
was published
for
pimcore/pimcore
(Composer)
Sep 20, 2021
In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is a possible way to...
Moderate
Unreviewed
CVE-2021-1014
was published
Dec 16, 2021
ProTip!
Advisories are also available from the
GraphQL API