GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,643
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
340 advisories
Filter by severity
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be...
Moderate
Unreviewed
CVE-2022-40482
was published
Apr 25, 2023
A username enumeration issue was discovered in Medicine Tracker System 1.0. The login...
Moderate
Unreviewed
CVE-2023-30458
was published
Apr 24, 2023
A vulnerability has been identified in Mendix Forgot Password (Mendix 7 compatible) (All versions...
Moderate
Unreviewed
CVE-2023-27464
was published
Apr 11, 2023
HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks
Moderate
CVE-2023-25000
was published
for
github.com/hashicorp/vault
(Go)
Mar 30, 2023
Argo CD authenticated but unauthorized users may enumerate Application names via the API
Moderate
CVE-2022-41354
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 23, 2023
Answer has Observable Response Discrepancy
Moderate
CVE-2023-1540
was published
for
github.com/answerdev/answer
(Go)
Mar 21, 2023
Answer has Observable Timing Discrepancy
Moderate
CVE-2023-1538
was published
for
github.com/answerdev/answer
(Go)
Mar 21, 2023
OpenSearch has time discrepancy in authentication responses
Moderate
CVE-2023-25806
was published
for
org.opensearch.plugin:opensearch-security
(Maven)
Mar 7, 2023
vantage6 vulnerable to Observable Response Discrepancy
Moderate
CVE-2022-39228
was published
for
vantage6
(pip)
Feb 28, 2023
The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To...
Moderate
Unreviewed
CVE-2020-12413
was published
Feb 17, 2023
openssl-src subject to Timing Oracle in RSA Decryption
Moderate
CVE-2022-4304
was published
for
openssl-src
(Rust)
Feb 8, 2023
NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use...
Moderate
Unreviewed
CVE-2022-42288
was published
Jan 13, 2023
A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue...
Moderate
Unreviewed
CVE-2022-4543
was published
Jan 11, 2023
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature...
Moderate
Unreviewed
CVE-2022-30332
was published
Jan 10, 2023
Barzahlen Payment Module PHP SDK vulnerable to Observable Timing Discrepancy
Moderate
CVE-2016-15015
was published
for
barzahlen/barzahlen-php
(Composer)
Jan 8, 2023
A vulnerability, which was classified as problematic, was found in InSTEDD Nuntium. Affected is...
Moderate
Unreviewed
CVE-2022-4823
was published
Dec 28, 2022
OpenShift OSIN vulnerable to Observable Timing Discrepancy
Moderate
CVE-2021-4294
was published
for
github.com/openshift/osin
(Go)
Dec 28, 2022
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x...
Moderate
Unreviewed
CVE-2022-41765
was published
Dec 26, 2022
Snipe-IT allows attackers to check whether a user account exists
Moderate
CVE-2022-44381
was published
for
snipe/snipe-it
(Composer)
Dec 25, 2022
While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was...
Moderate
Unreviewed
CVE-2022-26382
was published
Dec 22, 2022
Service Workers should not be able to infer information about opaque cross-origin responses; but...
Moderate
Unreviewed
CVE-2022-45403
was published
Dec 22, 2022
Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread...
Moderate
Unreviewed
CVE-2022-45416
was published
Dec 22, 2022
In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is...
Moderate
Unreviewed
CVE-2022-20538
was published
Dec 19, 2022
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access...
Moderate
Unreviewed
CVE-2022-46392
was published
Dec 16, 2022
A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability...
Moderate
Unreviewed
CVE-2022-4087
was published
Nov 21, 2022
ProTip!
Advisories are also available from the
GraphQL API