GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
461 advisories
Filter by severity
In setApplicationCategoryHint of PackageManagerService.java, there is a possible way to determine...
Moderate
Unreviewed
CVE-2021-1009
was published
Dec 16, 2021
In onResume of NotificationAccessDetails.java, there is a possible way to determine whether an...
Moderate
Unreviewed
CVE-2021-1012
was published
Dec 16, 2021
In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is a possible way to...
Moderate
Unreviewed
CVE-2021-1014
was published
Dec 16, 2021
In checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of PermissionManagerService...
Moderate
Unreviewed
CVE-2021-1013
was published
Dec 16, 2021
In getMeidForSlot of PhoneInterfaceManager.java, there is a possible way to determine whether an...
Low
Unreviewed
CVE-2021-1015
was published
Dec 16, 2021
In adjustStreamVolume of AudioService.java, there is a possible way to determine whether an app...
Low
Unreviewed
CVE-2021-1018
was published
Dec 16, 2021
In startRanging of RttServiceImpl.java, there is a possible way to determine whether an app is...
Moderate
Unreviewed
CVE-2021-1026
was published
Dec 16, 2021
In setNotificationsShownFromListener of NotificationManagerService.java, there is a possible way...
Moderate
Unreviewed
CVE-2021-1030
was published
Dec 16, 2021
In getMimeGroup of PackageManagerService.java, there is a possible way to determine whether an...
Low
Unreviewed
CVE-2021-1032
was published
Dec 16, 2021
In cancelNotificationsFromListener of NotificationManagerService.java, there is a possible way to...
Low
Unreviewed
CVE-2021-1031
was published
Dec 16, 2021
Observable Discrepancy in Argo
Moderate
CVE-2020-11576
was published
for
github.com/argoproj/argo-cd
(Go)
Dec 9, 2021
Observable Discrepancy in Apache Kafka
Moderate
CVE-2021-38153
was published
for
org.apache.kafka:kafka-clients
(Maven)
Sep 23, 2021
Observable Response Discrepancy in Lost Password Service
Moderate
CVE-2021-39189
was published
for
pimcore/pimcore
(Composer)
Sep 20, 2021
Observable Discrepancy in libsecp256k1-rs
Moderate
CVE-2019-20399
was published
for
libsecp256k1-rs
(Rust)
Aug 25, 2021
Timing based private key exposure in Bouncy Castle
Moderate
CVE-2020-15522
was published
for
BouncyCastle
(Maven)
Aug 13, 2021
Observable Timing Discrepancy in aaugustin websockets library
Moderate
CVE-2021-33880
was published
for
websockets
(pip)
Jun 11, 2021
Observable Response Discrepancy in Flask-AppBuilder
Moderate
CVE-2021-29621
was published
for
Flask-AppBuilder
(pip)
May 27, 2021
Prevent user enumeration using Guard or the new Authenticator-based Security
Moderate
CVE-2021-21424
was published
for
lexik/jwt-authentication-bundle
(Composer)
May 13, 2021
Observable Differences in Behavior to Error Inputs in Bouncy Castle
Moderate
CVE-2020-26939
was published
for
org.bouncycastle:bc-fips
(Maven)
Apr 22, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime
Moderate
CVE-2021-29446
was published
for
jose-node-cjs-runtime
(npm)
Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime
Moderate
CVE-2021-29445
was published
for
jose-node-esm-runtime
(npm)
Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime
Moderate
CVE-2021-29444
was published
for
jose-browser-runtime
(npm)
Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose
Moderate
CVE-2021-29443
was published
for
jose
(npm)
Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18
Moderate
CVE-2021-31404
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8
Moderate
CVE-2021-31403
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
ProTip!
Advisories are also available from the
GraphQL API