Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,783
Erlang
36
GitHub Actions
29
Go
2,357
Maven
5,000+
npm
3,978
NuGet
720
pip
3,775
Pub
12
RubyGems
923
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

368 advisories

Loading
IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to... Moderate Unreviewed
CVE-2023-38362 was published Mar 4, 2024
User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported... Moderate Unreviewed
CVE-2024-26268 was published Feb 20, 2024
IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable... Moderate Unreviewed
CVE-2023-50306 was published Feb 20, 2024
Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP... Moderate Unreviewed
CVE-2022-48220 was published Feb 15, 2024
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a... Moderate Unreviewed
CVE-2023-6935 was published Feb 10, 2024
A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib... Moderate Unreviewed
CVE-2024-0202 was published Feb 5, 2024
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the... Moderate Unreviewed
CVE-2023-6240 was published Feb 4, 2024
Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy... Moderate Unreviewed
CVE-2021-21575 was published Feb 2, 2024
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as... Moderate Unreviewed
CVE-2023-5992 was published Jan 31, 2024
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing... Moderate Unreviewed
CVE-2024-23170 was published Jan 31, 2024
A timing side-channel vulnerability has been discovered in the opencryptoki package while... Moderate Unreviewed
CVE-2024-0914 was published Jan 31, 2024
A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of... Moderate Unreviewed
CVE-2024-0564 was published Jan 30, 2024
An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user... Moderate Unreviewed
CVE-2024-22647 was published Jan 30, 2024
A timing side-channel issue was addressed with improvements to constant-time computation in... Moderate Unreviewed
CVE-2024-23218 was published Jan 23, 2024
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK... Moderate Unreviewed
CVE-2024-0553 was published Jan 16, 2024
Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1... Moderate Unreviewed
CVE-2023-50979 was published Dec 27, 2023
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM... Moderate Unreviewed
CVE-2023-41097 was published Dec 21, 2023
Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This... Moderate Unreviewed
CVE-2023-6135 was published Dec 19, 2023
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an... Moderate Unreviewed
CVE-2023-23584 was published Dec 19, 2023
The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting... Moderate Unreviewed
CVE-2023-4421 was published Dec 12, 2023
In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation... Moderate Unreviewed
CVE-2023-40090 was published Dec 5, 2023
UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message... Moderate Unreviewed
CVE-2023-47102 was published Nov 13, 2023
In Text Services, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2023-21333 was published Oct 30, 2023
In Job Scheduler, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2023-21344 was published Oct 30, 2023
In Input Method, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2023-21338 was published Oct 30, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database