GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
267 advisories
Filter by severity
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an...
Moderate
Unreviewed
CVE-2024-39891
was published
Jul 2, 2024
IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by...
Moderate
Unreviewed
CVE-2024-31878
was published
Jun 7, 2024
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be...
Moderate
Unreviewed
CVE-2024-2467
was published
Apr 25, 2024
A timing-based side-channel exists in the rust-openssl package, which could be sufficient to...
Moderate
Unreviewed
CVE-2024-3296
was published
Apr 4, 2024
User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported...
Moderate
Unreviewed
CVE-2024-26268
was published
Feb 20, 2024
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a...
Moderate
Unreviewed
CVE-2023-6935
was published
Feb 10, 2024
A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib...
Moderate
Unreviewed
CVE-2024-0202
was published
Feb 5, 2024
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the...
Moderate
Unreviewed
CVE-2023-6240
was published
Feb 4, 2024
Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy...
Moderate
Unreviewed
CVE-2021-21575
was published
Feb 2, 2024
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as...
Moderate
Unreviewed
CVE-2023-5992
was published
Jan 31, 2024
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing...
Moderate
Unreviewed
CVE-2024-23170
was published
Jan 31, 2024
A timing side-channel vulnerability has been discovered in the opencryptoki package while...
Moderate
Unreviewed
CVE-2024-0914
was published
Jan 31, 2024
A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of...
Moderate
Unreviewed
CVE-2024-0564
was published
Jan 30, 2024
An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user...
Moderate
Unreviewed
CVE-2024-22647
was published
Jan 30, 2024
A timing side-channel issue was addressed with improvements to constant-time computation in...
Moderate
Unreviewed
CVE-2024-23218
was published
Jan 23, 2024
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK...
Moderate
Unreviewed
CVE-2024-0553
was published
Jan 16, 2024
Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1...
Moderate
Unreviewed
CVE-2023-50979
was published
Dec 27, 2023
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM...
Moderate
Unreviewed
CVE-2023-41097
was published
Dec 21, 2023
Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This...
Moderate
Unreviewed
CVE-2023-6135
was published
Dec 19, 2023
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an...
Moderate
Unreviewed
CVE-2023-23584
was published
Dec 19, 2023
The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting...
Moderate
Unreviewed
CVE-2023-4421
was published
Dec 12, 2023
In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation...
Moderate
Unreviewed
CVE-2023-40090
was published
Dec 5, 2023
UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message...
Moderate
Unreviewed
CVE-2023-47102
was published
Nov 13, 2023
In Media Projection, there is a possible way to determine whether an app is installed, without...
Moderate
Unreviewed
CVE-2023-21350
was published
Oct 30, 2023
In Package Manager Service, there is a possible way to determine whether an app is installed,...
Moderate
Unreviewed
CVE-2023-21354
was published
Oct 30, 2023
ProTip!
Advisories are also available from the
GraphQL API