GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,084
Erlang
29
GitHub Actions
19
Go
1,910
Maven
5,000+
npm
3,646
NuGet
638
pip
3,261
Pub
10
RubyGems
870
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
49 advisories
Filter by severity
A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected...
Low
Unreviewed
CVE-2024-6129
was published
Jun 18, 2024
A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. It has been rated as...
Low
Unreviewed
CVE-2024-6056
was published
Jun 17, 2024
IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user...
Low
Unreviewed
CVE-2024-31870
was published
Jun 15, 2024
s2n-tls has a potentially observable differences in RSA premaster secret handling
Low
GHSA-52xf-5p2m-9wrv
was published
for
s2n-tls
(Rust)
Jun 6, 2024
1Panel's password verification is suspected to have a timing attack vulnerability
Low
CVE-2024-30257
was published
for
github.com/1Panel-dev/1Panel
(Go)
Apr 18, 2024
yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation
Low
CVE-2023-50708
was published
for
yiisoft/yii2-authclient
(Composer)
Dec 18, 2023
In Game Manager Service, there is a possible way to determine whether an app is installed,...
Low
Unreviewed
CVE-2023-21345
was published
Oct 30, 2023
In Window Manager, there is a possible way to determine whether an app is installed, without...
Low
Unreviewed
CVE-2023-21348
was published
Oct 30, 2023
In the Device Idle Controller, there is a possible way to determine whether an app is installed,...
Low
Unreviewed
CVE-2023-21346
was published
Oct 30, 2023
In Package Manager, there is a possible way to determine whether an app is installed, without...
Low
Unreviewed
CVE-2023-21349
was published
Oct 30, 2023
Jenkins Tuleap Authentication Plugin non-constant time token comparison
Low
CVE-2023-40343
was published
for
io.jenkins.plugins:tuleap-oauth
(Maven)
Aug 16, 2023
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer...
Low
Unreviewed
CVE-2022-47952
was published
Jan 1, 2023
In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to...
Low
Unreviewed
CVE-2022-20535
was published
Dec 21, 2022
In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine...
Low
Unreviewed
CVE-2022-20559
was published
Dec 21, 2022
In placeCall of TelecomManager.java, there is a possible way to determine whether an app is...
Low
Unreviewed
CVE-2022-20531
was published
Dec 20, 2022
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin
Low
CVE-2022-43412
was published
for
org.jenkins-ci.plugins:generic-webhook-trigger
(Maven)
Oct 19, 2022
Non-constant time webhook token comparison in Jenkins GitLab Plugin
Low
CVE-2022-43411
was published
for
org.jenkins-ci.plugins:gitlab-plugin
(Maven)
Oct 19, 2022
In PackageInstaller, there is a possible way to determine whether an app is installed, without...
Low
Unreviewed
CVE-2022-20318
was published
Aug 13, 2022
In ActivityManager, there is a possible way to determine whether an app is installed, without...
Low
Unreviewed
CVE-2022-20320
was published
Aug 13, 2022
In AlarmManagerService, there is a possible way to determine whether an app is installed, without...
Low
Unreviewed
CVE-2022-20307
was published
Aug 13, 2022
In ContentResolver, there is a possible way to determine whether an app is installed, without...
Low
Unreviewed
CVE-2022-20316
was published
Aug 13, 2022
In PackageInstaller, there is a possible way to determine whether an app is installed, without...
Low
Unreviewed
CVE-2022-20309
was published
Aug 13, 2022
In PackageManager, there is a possible way to determine whether an app is installed, without...
Low
Unreviewed
CVE-2022-20252
was published
Aug 12, 2022
In LocaleManager, there is a possible way to determine whether an app is installed, without query...
Low
Unreviewed
CVE-2022-20249
was published
Aug 12, 2022
In LocaleManager, there is a possible way to determine whether an app is installed, without query...
Low
Unreviewed
CVE-2022-20251
was published
Aug 12, 2022
ProTip!
Advisories are also available from the
GraphQL API