GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
340 advisories
When converting coordinates from projective to affine, the modular inversion was not performed in...
Moderate | Unreviewed | CVE-2020-12400 was published May 24, 2022
Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth...
Moderate | Unreviewed | CVE-2020-25200 was published May 24, 2022
A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by...
Moderate | Unreviewed | CVE-2020-11683 was published May 24, 2022
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being...
Moderate | Unreviewed | CVE-2020-1968 was published May 24, 2022
Magento observable timing discrepancy vulnerability
Moderate | CVE-2020-9690 was published for magento/community-edition (Composer) May 24, 2022
Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed...
Moderate | Unreviewed | CVE-2020-6531 was published May 24, 2022
During RSA key generation, bignum implementations used a variation of the Binary Extended...
Moderate | Unreviewed | CVE-2020-12402 was published May 24, 2022
NSS has shown timing differences when performing DSA signatures, which was exploitable and could...
Moderate | Unreviewed | CVE-2020-12399 was published May 24, 2022
The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an...
Moderate | Unreviewed | CVE-2020-14145 was published May 24, 2022
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the...
Moderate | Unreviewed | CVE-2020-14002 was published May 24, 2022
The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular...
Moderate | Unreviewed | CVE-2020-11735 was published May 24, 2022
** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote...
Moderate | Unreviewed | CVE-2020-13998 was published May 24, 2022
An issue was discovered in Aviatrix Controller before 5.4.1204. There is an Observable Response...
Moderate | Unreviewed | CVE-2020-13413 was published May 24, 2022
wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing...
Moderate | Unreviewed | CVE-2020-11713 was published May 24, 2022
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the...
Moderate | Unreviewed | CVE-2019-5135 was published May 24, 2022
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example...
Moderate | Unreviewed | CVE-2020-7959 was published May 24, 2022
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote...
Moderate | Unreviewed | CVE-2020-6400 was published May 24, 2022
Non-constant time HMAC comparison
Moderate | CVE-2020-2102 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
Non-constant time comparison of inbound TCP agent connection secret
Moderate | CVE-2020-2101 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1...
Moderate | Unreviewed | CVE-2019-18222 was published May 24, 2022
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185....
Moderate | Unreviewed | CVE-2019-16516 was published May 24, 2022
GnuTLS incorrectly validates the first byte of padding in CBC modes
Moderate | Unreviewed | CVE-2015-8313 was published May 24, 2022
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to...
Moderate | Unreviewed | CVE-2015-0837 was published May 24, 2022
On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power...
Moderate | Unreviewed | CVE-2019-14358 was published May 24, 2022
** DISPUTED ** On Coldcard MK1 and MK2 devices, a side channel for the row-based OLED display was...
Moderate | Unreviewed | CVE-2019-14356 was published May 24, 2022