Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

340 advisories

Loading
An information-disclosure vulnerability exists on select NXP devices when configured in Serial... Moderate Unreviewed
CVE-2022-45163 was published Nov 19, 2022
A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow... Moderate Unreviewed
CVE-2022-20940 was published Nov 16, 2022
An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in... Moderate Unreviewed
CVE-2020-35473 was published Nov 8, 2022
Observable discrepancies in the login process allow an attacker to guess legitimate user names... Moderate Unreviewed
CVE-2021-45925 was published Oct 24, 2022
OpenCRX vulnerable to password enumeration via error messages in password reset Moderate
CVE-2022-40084 was published for org.opencrx:opencrx-client (Maven) Oct 20, 2022
The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based... Moderate Unreviewed
CVE-2022-2891 was published Oct 11, 2022
Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which... Moderate Unreviewed
CVE-2022-35888 was published Sep 30, 2022
An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the... Moderate Unreviewed
CVE-2022-32218 was published Sep 25, 2022
TYPO3 CMS vulnerable to User Enumeration via Response Timing Moderate
CVE-2022-36105 was published for typo3/cms (Composer) Sep 16, 2022
Vautia
All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to... Moderate Unreviewed
CVE-2022-1989 was published Aug 24, 2022
Mealie1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users... Moderate Unreviewed
CVE-2022-34623 was published Aug 20, 2022
In Framework, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2022-20324 was published Aug 13, 2022
In Content, there is a possible way to determinate the user's account due to side channel... Moderate Unreviewed
CVE-2022-20304 was published Aug 13, 2022
In LauncherApps, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2022-20293 was published Aug 13, 2022
In AppOpsService, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2022-20291 was published Aug 13, 2022
Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79... Moderate Unreviewed
CVE-2022-2612 was published Aug 13, 2022
In Telephony, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2022-20242 was published Aug 12, 2022
In USB Manager, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2021-0975 was published Aug 12, 2022
Windows Defender Credential Guard Information Disclosure Vulnerability. This CVE ID is unique... Moderate Unreviewed
CVE-2022-34704 was published Aug 10, 2022
The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by... Moderate Unreviewed
CVE-2022-32425 was published Jul 15, 2022
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified... Moderate Unreviewed
CVE-2022-20752 was published Jul 7, 2022
A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid... Moderate Unreviewed
CVE-2021-41634 was published Jun 25, 2022
Observable timing discrepancy allows determining username validity in Jenkins Moderate
CVE-2022-34174 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault
A potential vulnerability in some AMD processors using frequency scaling may allow an... Moderate Unreviewed
CVE-2022-23823 was published Jun 16, 2022
Observable behavioral in power management throttling for some Intel(R) Processors may allow an... Moderate Unreviewed
CVE-2022-24436 was published Jun 16, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database