GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,354
Erlang: 31
GitHub Actions: 22
Go: 2,120
Maven: 5,000+
npm: 3,779
NuGet: 681
pip: 3,460
Pub: 12
RubyGems: 892
Rust: 888
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
550 advisories
In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is...
Moderate
Unreviewed
CVE-2022-20538 was published Dec 19, 2022
Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread...
Moderate
Unreviewed
CVE-2022-45416 was published Dec 22, 2022
Service Workers should not be able to infer information about opaque cross-origin responses; but...
Moderate
Unreviewed
CVE-2022-45403 was published Dec 22, 2022
An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 &...
High
Unreviewed
CVE-2021-22892 was published May 24, 2022
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 ...
Moderate
Unreviewed
CVE-2022-24043 was published May 21, 2022
** DISPUTED ** The AES instructions on the ARMv8 platform do not have an algorithm that is ...
High
Unreviewed
CVE-2022-48251 was published Jan 10, 2023
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers...
Moderate
Unreviewed
CVE-2019-13383 was published May 24, 2022
If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous...
High
Unreviewed
CVE-2019-9815 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers...
Moderate
Unreviewed
CVE-2019-13599 was published May 24, 2022
Search Guard versions before 21.0 had a timing side channel issue when using the internal user...
Moderate
Unreviewed
CVE-2019-13420 was published May 24, 2022
An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached ...
Moderate
Unreviewed
CVE-2019-11465 was published May 24, 2022
SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password...
Moderate
Unreviewed
CVE-2019-16394 was published May 24, 2022
RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions...
Moderate
Unreviewed
CVE-2019-3731 was published May 24, 2022
RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1...
Moderate
Unreviewed
CVE-2019-3732 was published May 24, 2022
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the...
Low
Unreviewed
CVE-2019-13456 was published May 24, 2022
In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could...
Critical
Unreviewed
CVE-2022-40895 was published Oct 6, 2022
In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine...
Low
Unreviewed
CVE-2022-20559 was published Dec 21, 2022
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185....
Moderate
Unreviewed
CVE-2019-16516 was published May 24, 2022
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote...
Moderate
Unreviewed
CVE-2020-6400 was published May 24, 2022
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the...
Moderate
Unreviewed
CVE-2019-5135 was published May 24, 2022
wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing...
Moderate
Unreviewed
CVE-2020-11713 was published May 24, 2022
Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in...
Low
Unreviewed
CVE-2020-13844 was published May 24, 2022
OpenCRX vulnerable to password enumeration via error messages in password reset
Moderate
CVE-2022-40084 was published for org.opencrx:opencrx-client (Maven) Oct 20, 2022
An issue was discovered in Aviatrix Controller before 5.4.1204. There is an Observable Response...
Moderate
Unreviewed
CVE-2020-13413 was published May 24, 2022
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access...
Moderate
Unreviewed
CVE-2022-46392 was published Dec 16, 2022
ProTip! Advisories are also available from the GraphQL API.