GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
340 advisories
Filter by severity
An information-disclosure vulnerability exists on select NXP devices when configured in Serial...
Moderate
Unreviewed
CVE-2022-45163
was published
Nov 19, 2022
A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow...
Moderate
Unreviewed
CVE-2022-20940
was published
Nov 16, 2022
An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in...
Moderate
Unreviewed
CVE-2020-35473
was published
Nov 8, 2022
Observable discrepancies in the login process allow an attacker to guess legitimate user names...
Moderate
Unreviewed
CVE-2021-45925
was published
Oct 24, 2022
OpenCRX vulnerable to password enumeration via error messages in password reset
Moderate
CVE-2022-40084
was published
for
org.opencrx:opencrx-client
(Maven)
Oct 20, 2022
The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based...
Moderate
Unreviewed
CVE-2022-2891
was published
Oct 11, 2022
Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which...
Moderate
Unreviewed
CVE-2022-35888
was published
Sep 30, 2022
An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the...
Moderate
Unreviewed
CVE-2022-32218
was published
Sep 25, 2022
TYPO3 CMS vulnerable to User Enumeration via Response Timing
Moderate
CVE-2022-36105
was published
for
typo3/cms
(Composer)
Sep 16, 2022
All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to...
Moderate
Unreviewed
CVE-2022-1989
was published
Aug 24, 2022
Mealie1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users...
Moderate
Unreviewed
CVE-2022-34623
was published
Aug 20, 2022
In Framework, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2022-20324
was published
Aug 13, 2022
In Content, there is a possible way to determinate the user's account due to side channel...
Moderate
Unreviewed
CVE-2022-20304
was published
Aug 13, 2022
In LauncherApps, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2022-20293
was published
Aug 13, 2022
In AppOpsService, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2022-20291
was published
Aug 13, 2022
Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79...
Moderate
Unreviewed
CVE-2022-2612
was published
Aug 13, 2022
In Telephony, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2022-20242
was published
Aug 12, 2022
In USB Manager, there is a possible way to determine whether an app is installed, without query...
Moderate
Unreviewed
CVE-2021-0975
was published
Aug 12, 2022
Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique...
Moderate
Unreviewed
CVE-2022-34704
was published
Aug 10, 2022
The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by...
Moderate
Unreviewed
CVE-2022-32425
was published
Jul 15, 2022
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified...
Moderate
Unreviewed
CVE-2022-20752
was published
Jul 7, 2022
A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid...
Moderate
Unreviewed
CVE-2021-41634
was published
Jun 25, 2022
Observable timing discrepancy allows determining username validity in Jenkins
Moderate
CVE-2022-34174
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
A potential vulnerability in some AMD processors using frequency scaling may allow an...
Moderate
Unreviewed
CVE-2022-23823
was published
Jun 16, 2022
Observable behavioral in power management throttling for some Intel(R) Processors may allow an...
Moderate
Unreviewed
CVE-2022-24436
was published
Jun 16, 2022
ProTip!
Advisories are also available from the
GraphQL API