GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,314
Composer 3,956
Erlang 29
GitHub Actions 16
Go 1,740
Maven 4,967
npm 3,507
NuGet 609
pip 3,064
Pub 10
RubyGems 832
Rust 780
Swift 34

Unreviewed advisories

All unreviewed 220,568

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

439 advisories

Filter by severity

Sort by

Least recently updated

curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub` Moderate

GHSA-x4gp-pqpj-f43q was published for curve25519-dalek (Rust) Jun 18, 2024

The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with... High Unreviewed

CVE-2024-37880 was published Jun 10, 2024

IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by... Moderate Unreviewed

CVE-2024-31878 was published Jun 7, 2024

s2n-tls has a potentially observable differences in RSA premaster secret handling Low

GHSA-52xf-5p2m-9wrv was published for s2n-tls (Rust) Jun 6, 2024

Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") Moderate

CVE-2024-30171 was published for BouncyCastle (Maven) May 14, 2024

PHPECC vulnerable to multiple cryptographic side-channel attacks Critical

GHSA-346h-749j-r28w was published for mdanter/ecc (Composer) Apr 25, 2024

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be... Moderate Unreviewed

CVE-2024-2467 was published Apr 25, 2024

1Panel's password verification is suspected to have a timing attack vulnerability Low

CVE-2024-30257 was published for github.com/1Panel-dev/1Panel (Go) Apr 18, 2024

A timing-based side-channel exists in the rust-openssl package, which could be sufficient to... Moderate Unreviewed

CVE-2024-3296 was published Apr 4, 2024

This issue occurs during password recovery, where a difference in messages could allow an... Unknown Unreviewed

CVE-2024-2464 was published Mar 21, 2024

An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response... High Unreviewed

CVE-2022-45177 was published Feb 21, 2024

User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported... Moderate Unreviewed

CVE-2024-26268 was published Feb 20, 2024

wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a... Moderate Unreviewed

CVE-2023-6935 was published Feb 10, 2024

php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it... Critical Unreviewed

CVE-2024-25191 was published Feb 8, 2024

l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it... Critical Unreviewed

CVE-2024-25190 was published Feb 8, 2024

libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it... Critical Unreviewed

CVE-2024-25189 was published Feb 8, 2024

Liferay Portal allows attackers to discover the existence of sites Moderate

CVE-2024-25146 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024

Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability High

CVE-2023-51437 was published for org.apache.pulsar:pulsar-broker-auth-sasl (Maven) Feb 7, 2024

A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib... Moderate Unreviewed

CVE-2024-0202 was published Feb 5, 2024

Python Cryptography package vulnerable to Bleichenbacher timing oracle attack High

CVE-2023-50782 was published for cryptography (pip) Feb 5, 2024

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the... Moderate Unreviewed

CVE-2023-6240 was published Feb 4, 2024

Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy... Moderate Unreviewed

CVE-2021-21575 was published Feb 2, 2024

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as... Moderate Unreviewed

CVE-2023-5992 was published Jan 31, 2024

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing... Moderate Unreviewed

CVE-2024-23170 was published Jan 31, 2024

A timing side-channel vulnerability has been discovered in the opencryptoki package while... Moderate Unreviewed

CVE-2024-0914 was published Jan 31, 2024

Previous 1 2 3 4 5 … 17 18 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

439 advisories