GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,587
Composer 4,205
Erlang 31
GitHub Actions 19
Go 1,988
Maven 5,170
npm 3,704
NuGet 661
pip 3,332
Pub 11
RubyGems 884
Rust 845
Swift 36

Unreviewed advisories

All unreviewed 234,200

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

402 advisories

Filter by severity

Sort by

Least recently updated

Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401,... High Unreviewed

CVE-2024-39921 was published Sep 4, 2024

Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware... Moderate Unreviewed

CVE-2024-45678 was published Sep 3, 2024

The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against... Moderate Unreviewed

CVE-2024-1543 was published Aug 30, 2024

Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a... Moderate Unreviewed

CVE-2024-1544 was published Aug 27, 2024

Matrix Tafnit v8 - CWE-204: Observable Response Discrepancy Moderate Unreviewed

CVE-2024-38431 was published Jul 30, 2024

In veilid-core in Veilid before 0.3.4, the protocol's ping function can be misused in a way that... Moderate Unreviewed

CVE-2024-41880 was published Jul 22, 2024

Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when... High Unreviewed

CVE-2024-39830 was published Jul 3, 2024

In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an... Moderate Unreviewed

CVE-2024-39891 was published Jul 2, 2024

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions... Moderate Unreviewed

CVE-2024-36996 was published Jul 1, 2024

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error... Moderate Unreviewed

CVE-2024-38322 was published Jun 29, 2024

A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected... Low Unreviewed

CVE-2024-6129 was published Jun 18, 2024

A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. It has been rated as... Low Unreviewed

CVE-2024-6056 was published Jun 17, 2024

Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the... Moderate Unreviewed

CVE-2024-38465 was published Jun 16, 2024

IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user... Low Unreviewed

CVE-2024-31870 was published Jun 15, 2024

By monitoring the time certain operations take, an attacker could have guessed which external... Moderate Unreviewed

CVE-2024-5690 was published Jun 11, 2024

The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with... High Unreviewed

CVE-2024-37880 was published Jun 10, 2024

IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by... Moderate Unreviewed

CVE-2024-31878 was published Jun 7, 2024

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically... High Unreviewed

CVE-2024-5124 was published Jun 6, 2024

A privacy issue was addressed by moving sensitive data to a more secure location. This issue is... Moderate Unreviewed

CVE-2024-27839 was published May 14, 2024

In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly... Moderate Unreviewed

CVE-2024-30176 was published May 1, 2024

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be... Moderate Unreviewed

CVE-2024-2467 was published Apr 25, 2024

A timing-based side-channel exists in the rust-openssl package, which could be sufficient to... Moderate Unreviewed

CVE-2024-3296 was published Apr 4, 2024

This issue occurs during password recovery, where a difference in messages could allow an... Moderate Unreviewed

CVE-2024-2464 was published Mar 21, 2024

User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This... Moderate Unreviewed

CVE-2024-25651 was published Mar 14, 2024

A potential security vulnerability has been reported in the system BIOS of certain HP PC products... High Unreviewed

CVE-2023-5410 was published Mar 12, 2024

Previous 1 2 3 4 5 … 16 17 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

402 advisories