Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

12 advisories

Loading
Timing attack on HMAC signature comparison in Apache Tapestry Critical
CVE-2019-10071 was published for org.apache.tapestry:tapestry-core (Maven) Sep 26, 2019
In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could... Critical Unreviewed
CVE-2022-40895 was published Oct 6, 2022
Information disclosure through timing and power side-channels during mod exponentiation for RSA... Critical Unreviewed
CVE-2021-1924 was published May 24, 2022
Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to... Critical Unreviewed
CVE-2018-1000884 was published May 13, 2022
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are... Critical Unreviewed
CVE-2022-23304 was published Feb 15, 2022
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable... Critical Unreviewed
CVE-2022-23303 was published Feb 15, 2022
darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which... Critical Unreviewed
CVE-2024-23771 was published Jan 22, 2024
l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it... Critical Unreviewed
CVE-2024-25190 was published Feb 8, 2024
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it... Critical Unreviewed
CVE-2024-25191 was published Feb 8, 2024
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it... Critical Unreviewed
CVE-2024-25189 was published Feb 8, 2024
User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password... Critical Unreviewed
CVE-2023-40756 was published Aug 28, 2023
PHPECC vulnerable to multiple cryptographic side-channel attacks Critical
GHSA-346h-749j-r28w was published for mdanter/ecc (Composer) Apr 25, 2024
ProTip! Advisories are also available from the GraphQL API