GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,083
Erlang: 29
GitHub Actions: 19
Go: 1,909
Maven: 5,000+
npm: 3,644
NuGet: 638
pip: 3,260
Pub: 10
RubyGems: 869
Rust: 820
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
340 advisories
A plaintext recovery of encrypted messages or a Man-in-the-middle (MiTM) attack on RSA PKCS #1 v1...
Moderate, Unreviewed. CVE-2018-9192 was published May 13, 2022
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login...
Moderate, Unreviewed. CVE-2017-8055 was published May 13, 2022
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before...
Moderate, Unreviewed. CVE-2017-7006 was published May 13, 2022
Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an...
Moderate, Unreviewed. CVE-2017-17427 was published May 13, 2022
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA...
Moderate, Unreviewed. CVE-2017-1000385 was published May 13, 2022
A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505,...
Moderate, Unreviewed. CVE-2017-12373 was published May 13, 2022
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite...
Moderate, Unreviewed. CVE-2017-13099 was published May 13, 2022
Systems with microprocessors utilizing speculative execution and that perform speculative reads...
Moderate, Unreviewed. CVE-2018-3640 was published May 13, 2022
Systems with microprocessors utilizing speculative execution and address translations may allow...
Moderate, Unreviewed. CVE-2018-3620 was published May 13, 2022
Systems with microprocessors utilizing speculative execution and Intel software guard extensions ...
Moderate, Unreviewed. CVE-2018-3615 was published May 13, 2022
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows...
Moderate, Unreviewed. CVE-2018-10949 was published May 13, 2022
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA...
Moderate, Unreviewed. CVE-2018-0495 was published May 13, 2022
A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an...
Moderate, Unreviewed. CVE-2018-0134 was published May 13, 2022
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software...
Moderate, Unreviewed. CVE-2018-5407 was published May 13, 2022
Observable Discrepancy in BouncyCastle
Moderate. CVE-2017-13098 was published for org.bouncycastle:bcprov-jdk15on (Maven) May 13, 2022
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls...
Moderate, Unreviewed. CVE-2018-16868 was published May 13, 2022
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle...
Moderate, Unreviewed. CVE-2018-16869 was published May 13, 2022
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1...
Moderate, Unreviewed. CVE-2017-15533 was published May 13, 2022
Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat ...
Moderate, Unreviewed. CVE-2017-18268 was published May 13, 2022
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks...
Moderate, Unreviewed. CVE-2019-9494 was published May 13, 2022
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel...
Moderate, Unreviewed. CVE-2019-9495 was published May 13, 2022
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly...
Moderate, Unreviewed. CVE-2016-2178 was published May 13, 2022
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to...
Moderate, Unreviewed. CVE-2019-1559 was published May 13, 2022
A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and...
Moderate, Unreviewed. CVE-2017-5107 was published May 13, 2022
Observable Discrepancy in Apache Tomcat
Moderate. CVE-2016-0762 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022