Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

441 advisories

Loading
Timing attacks might allow practical recovery of the long-term private key High
CVE-2019-10764 was published for simplito/elliptic-php (Composer) Nov 20, 2019
/user/sessions endpoint allows detecting valid accounts High
GHSA-7vwg-39h8-8qp8 was published for ezsystems/ezplatform-rest (Composer) Mar 11, 2021
/user/sessions endpoint allows detecting valid accounts High
GHSA-gmrf-99gw-vvwj was published for ezsystems/ezpublish-kernel (Composer) Mar 11, 2021
Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator High
CVE-2022-3143 was published for org.wildfly.security:wildfly-elytron (Maven) Jan 13, 2023
The pointer-validation logic in util/mem_util.rs in Occlum before 0.26.0 for Intel SGX acts as a... Moderate Unreviewed
CVE-2021-44421 was published Mar 11, 2022
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised... High Unreviewed
CVE-2020-36517 was published Mar 11, 2022
In People, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2021-39775 was published Mar 31, 2022
In Framework, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2021-39756 was published Mar 31, 2022
In DevicePolicyManager, there is a possible way to reveal the existence of an installed package... Moderate Unreviewed
CVE-2021-39755 was published Mar 31, 2022
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without... Moderate Unreviewed
CVE-2021-39745 was published Mar 31, 2022
In Media, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2021-39761 was published Mar 31, 2022
In AudioService, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2021-39760 was published Mar 31, 2022
In ContextImpl, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2021-39754 was published Mar 31, 2022
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without... Moderate Unreviewed
CVE-2021-39744 was published Mar 31, 2022
In TelecomManager, there is a possible way to check if a particular self managed phone account... Moderate Unreviewed
CVE-2021-39788 was published Mar 31, 2022
In WallpaperManagerService, there is a possible way to determine whether an app is installed,... Moderate Unreviewed
CVE-2021-39791 was published Mar 31, 2022
In VpnManagerService, there is a possible disclosure of installed VPN packages due to side... Moderate Unreviewed
CVE-2021-39773 was published Mar 31, 2022
In Settings, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2021-39766 was published Mar 31, 2022
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due... Moderate Unreviewed
CVE-2022-22356 was published Apr 6, 2022
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker... High Unreviewed
CVE-2021-20049 was published Dec 24, 2021
Observable Discrepancy in BouncyCastle Moderate
CVE-2017-13098 was published for org.bouncycastle:bcprov-jdk15on (Maven) May 13, 2022
Observable discrepancies in the login process allow an attacker to guess legitimate user names... Moderate Unreviewed
CVE-2021-45925 was published Oct 24, 2022
TYPO3 CMS vulnerable to User Enumeration via Response Timing Moderate
CVE-2022-36105 was published for typo3/cms (Composer) Sep 16, 2022
Vautia
Observable Discrepancy in Wildfly Elytron Moderate
CVE-2021-3642 was published for org.wildfly.security:wildfly-elytron (Maven) May 24, 2022
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1... Moderate Unreviewed
CVE-2019-18222 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API