Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,176
Erlang
30
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

17 advisories

Loading
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") Moderate
CVE-2024-30171 was published for BouncyCastle (Maven) May 14, 2024
levpachmanov
Liferay Portal allows attackers to discover the existence of sites Moderate
CVE-2024-25146 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
OpenSearch has time discrepancy in authentication responses Moderate
CVE-2023-25806 was published for org.opensearch.plugin:opensearch-security (Maven) Mar 7, 2023
OpenCRX vulnerable to password enumeration via error messages in password reset Moderate
CVE-2022-40084 was published for org.opencrx:opencrx-client (Maven) Oct 20, 2022
Observable timing discrepancy allows determining username validity in Jenkins Moderate
CVE-2022-34174 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault
Observable Discrepancy in Wildfly Elytron Moderate
CVE-2021-3642 was published for org.wildfly.security:wildfly-elytron (Maven) May 24, 2022
Non-constant time HMAC comparison Moderate
CVE-2020-2102 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Non-constant time comparison of inbound TCP agent connection secret Moderate
CVE-2020-2101 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Observable Discrepancy in BouncyCastle Moderate
CVE-2017-13098 was published for org.bouncycastle:bcprov-jdk15on (Maven) May 13, 2022
Observable Discrepancy in Apache Tomcat Moderate
CVE-2016-0762 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022
sunSUNQ
Apache Hive Information Exposure and Observable Timing Discrepancy Moderate
CVE-2020-1926 was published for org.apache.hive:hive (Maven) Feb 9, 2022
Observable Discrepancy in Apache Kafka Moderate
CVE-2021-38153 was published for org.apache.kafka:kafka-clients (Maven) Sep 23, 2021
pavelarnost
Timing based private key exposure in Bouncy Castle Moderate
CVE-2020-15522 was published for BouncyCastle (Maven) Aug 13, 2021
klaudialax
Observable Differences in Behavior to Error Inputs in Bouncy Castle Moderate
CVE-2020-26939 was published for org.bouncycastle:bc-fips (Maven) Apr 22, 2021
ebickle
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 Moderate
CVE-2021-31404 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8 Moderate
CVE-2021-31403 was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 Moderate
CVE-2021-31406 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database