Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

20 advisories

Loading
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison Low
CVE-2023-46656 was published for igalg.jenkins.plugins:multibranch-scan-webhook-trigger (Maven) Oct 25, 2023
Jenkins Gogs Plugin uses non-constant time webhook token comparison Low
CVE-2023-46657 was published for org.jenkins-ci.plugins:gogs-webhook (Maven) Oct 25, 2023
Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison Low
CVE-2023-46658 was published for io.jenkins.plugins:teams-webhook-trigger (Maven) Oct 25, 2023
Non-constant time webhook token hash comparison in Jenkins Zanata Plugin Low
CVE-2023-46660 was published for org.jenkins-ci.plugins:zanata (Maven) Oct 25, 2023
OpenSearch has time discrepancy in authentication responses Moderate
CVE-2023-25806 was published for org.opensearch.plugin:opensearch-security (Maven) Mar 7, 2023
Observable timing discrepancy in JOpenId High
CVE-2010-10006 was published for org.expressme:JOpenId (Maven) Jan 18, 2023
Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator High
CVE-2022-3143 was published for org.wildfly.security:wildfly-elytron (Maven) Jan 13, 2023
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin Low
CVE-2022-43412 was published for org.jenkins-ci.plugins:generic-webhook-trigger (Maven) Oct 19, 2022
NotMyFault
Non-constant time webhook token comparison in Jenkins GitLab Plugin Low
CVE-2022-43411 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Oct 19, 2022
NotMyFault
Jenkins GitHub plugin uses weak webhook signature function Low
CVE-2022-36885 was published for com.coravy.hudson.plugins.github:github (Maven) Jul 28, 2022
westonsteimel NotMyFault
Observable timing discrepancy allows determining username validity in Jenkins Moderate
CVE-2022-34174 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault
Non-constant time HMAC comparison Moderate
CVE-2020-2102 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Non-constant time comparison of inbound TCP agent connection secret Moderate
CVE-2020-2101 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Apache Hive Information Exposure and Observable Timing Discrepancy Moderate
CVE-2020-1926 was published for org.apache.hive:hive (Maven) Feb 9, 2022
Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin Low
CVE-2022-23106 was published for io.jenkins:configuration-as-code (Maven) Jan 21, 2022
NotMyFault westonsteimel
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 Moderate
CVE-2021-31404 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8 Moderate
CVE-2021-31403 was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 Moderate
CVE-2021-31406 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 Moderate
GHSA-c6c4-7x48-4cqp was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 Moderate
GHSA-9h6g-6mxg-vvp4 was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
xhlika
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database