GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
461 advisories
Filter by severity
PHPECC vulnerable to multiple cryptographic side-channel attacks
Critical
GHSA-346h-749j-r28w
was published
for
mdanter/ecc
(Composer)
Apr 25, 2024
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be...
Moderate
Unreviewed
CVE-2024-2467
was published
Apr 25, 2024
1Panel's password verification is suspected to have a timing attack vulnerability
Low
CVE-2024-30257
was published
for
github.com/1Panel-dev/1Panel
(Go)
Apr 18, 2024
A timing-based side-channel exists in the rust-openssl package, which could be sufficient to...
Moderate
Unreviewed
CVE-2024-3296
was published
Apr 4, 2024
This issue occurs during password recovery, where a difference in messages could allow an...
Unknown
Unreviewed
CVE-2024-2464
was published
Mar 21, 2024
User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This...
Moderate
Unreviewed
CVE-2024-25651
was published
Mar 14, 2024
An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response...
High
Unreviewed
CVE-2022-45177
was published
Feb 21, 2024
User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported...
Moderate
Unreviewed
CVE-2024-26268
was published
Feb 20, 2024
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a...
Moderate
Unreviewed
CVE-2023-6935
was published
Feb 10, 2024
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it...
Critical
Unreviewed
CVE-2024-25191
was published
Feb 8, 2024
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it...
Critical
Unreviewed
CVE-2024-25189
was published
Feb 8, 2024
l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it...
Critical
Unreviewed
CVE-2024-25190
was published
Feb 8, 2024
Liferay Portal allows attackers to discover the existence of sites
Moderate
CVE-2024-25146
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 8, 2024
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
High
CVE-2023-51437
was published
for
org.apache.pulsar:pulsar-broker-auth-sasl
(Maven)
Feb 7, 2024
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
High
CVE-2023-50782
was published
for
cryptography
(pip)
Feb 5, 2024
A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib...
Moderate
Unreviewed
CVE-2024-0202
was published
Feb 5, 2024
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the...
Moderate
Unreviewed
CVE-2023-6240
was published
Feb 4, 2024
Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy...
Moderate
Unreviewed
CVE-2021-21575
was published
Feb 2, 2024
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as...
Moderate
Unreviewed
CVE-2023-5992
was published
Jan 31, 2024
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing...
Moderate
Unreviewed
CVE-2024-23170
was published
Jan 31, 2024
A timing side-channel vulnerability has been discovered in the opencryptoki package while...
Moderate
Unreviewed
CVE-2024-0914
was published
Jan 31, 2024
A security vulnerability has been identified in the pkcs11-provider, which is associated with...
High
Unreviewed
CVE-2023-6258
was published
Jan 30, 2024
A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of...
Moderate
Unreviewed
CVE-2024-0564
was published
Jan 30, 2024
An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user...
Moderate
Unreviewed
CVE-2024-22647
was published
Jan 30, 2024
A timing side-channel issue was addressed with improvements to constant-time computation in...
Moderate
Unreviewed
CVE-2024-23218
was published
Jan 23, 2024
ProTip!
Advisories are also available from the
GraphQL API