Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,359
Erlang
33
GitHub Actions
22
Go
2,124
Maven
5,000+
npm
3,787
NuGet
683
pip
3,467
Pub
12
RubyGems
894
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

398 advisories

Loading
A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and... Moderate Unreviewed
CVE-2017-5107 was published May 13, 2022
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to... Moderate Unreviewed
CVE-2019-1559 was published May 13, 2022
User enumeration leak using switch user functionality in Symfony Moderate
CVE-2019-18886 was published for symfony/security-http (Composer) Dec 2, 2019
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel... Moderate Unreviewed
CVE-2019-9495 was published May 13, 2022
Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat ... Moderate Unreviewed
CVE-2017-18268 was published May 13, 2022
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks... Moderate Unreviewed
CVE-2019-9494 was published May 13, 2022
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1... Moderate Unreviewed
CVE-2017-15533 was published May 13, 2022
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle... Moderate Unreviewed
CVE-2018-16869 was published May 13, 2022
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls... Moderate Unreviewed
CVE-2018-16868 was published May 13, 2022
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software... Moderate Unreviewed
CVE-2018-5407 was published May 13, 2022
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an... Moderate Unreviewed
CVE-2018-0134 was published May 13, 2022
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA... Moderate Unreviewed
CVE-2018-0495 was published May 13, 2022
Padding Oracle Attack due to Observable Timing Discrepancy in jose Moderate
CVE-2021-29443 was published for jose (npm) Apr 19, 2021
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 Moderate
CVE-2021-31406 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8 Moderate
CVE-2021-31403 was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 Moderate
CVE-2021-31404 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows... Moderate Unreviewed
CVE-2018-10949 was published May 13, 2022
Systems with microprocessors utilizing speculative execution and that perform speculative reads... Moderate Unreviewed
CVE-2018-3640 was published May 13, 2022
Systems with microprocessors utilizing speculative execution and address translations may allow... Moderate Unreviewed
CVE-2018-3620 was published May 13, 2022
Systems with microprocessors utilizing speculative execution and Intel software guard extensions ... Moderate Unreviewed
CVE-2018-3615 was published May 13, 2022
Observable Response Discrepancy in Lost Password Service Moderate
CVE-2021-39189 was published for pimcore/pimcore (Composer) Sep 20, 2021
In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is a possible way to... Moderate Unreviewed
CVE-2021-1014 was published Dec 16, 2021
In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is a possible way to determine... Moderate Unreviewed
CVE-2021-1005 was published Dec 16, 2021
In setApplicationCategoryHint of PackageManagerService.java, there is a possible way to determine... Moderate Unreviewed
CVE-2021-1009 was published Dec 16, 2021
In startRanging of RttServiceImpl.java, there is a possible way to determine whether an app is... Moderate Unreviewed
CVE-2021-1026 was published Dec 16, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database