GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
340 advisories
Filter by severity
A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that...
Moderate
Unreviewed
CVE-2024-8651
was published
Sep 19, 2024
Observable Response Discrepancy in Flask-AppBuilder
Moderate
CVE-2021-29621
was published
for
Flask-AppBuilder
(pip)
May 27, 2021
Observable Response Discrepancy in Flask-AppBuilder
Moderate
CVE-2022-21659
was published
for
Flask-AppBuilder
(pip)
Feb 1, 2022
User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine...
Moderate
Unreviewed
CVE-2024-34336
was published
Sep 12, 2024
Observable discrepancy in RAPL interface for some Intel(R) Processors may allow a privileged user...
Moderate
Unreviewed
CVE-2024-23984
was published
Sep 16, 2024
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware...
Moderate
Unreviewed
CVE-2024-45678
was published
Sep 3, 2024
Loway - CWE-204: Observable Response Discrepancy
Moderate
Unreviewed
CVE-2024-42343
was published
Sep 8, 2024
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
Moderate
CVE-2024-30171
was published
for
BouncyCastle
(Maven)
May 14, 2024
Matrix Tafnit v8
-
CWE-204: Observable Response Discrepancy
Moderate
Unreviewed
CVE-2024-38431
was published
Jul 30, 2024
UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message...
Moderate
Unreviewed
CVE-2023-47102
was published
Nov 13, 2023
The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against...
Moderate
Unreviewed
CVE-2024-1543
was published
Aug 30, 2024
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as...
Moderate
Unreviewed
CVE-2023-5992
was published
Jan 31, 2024
Generating the ECDSA nonce k samples a random number r and then
truncates this randomness with a...
Moderate
Unreviewed
CVE-2024-1544
was published
Aug 27, 2024
User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames.
Moderate
Unreviewed
CVE-2023-22359
was published
Jun 26, 2023
User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This...
Moderate
Unreviewed
CVE-2024-25651
was published
Mar 14, 2024
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error...
Moderate
Unreviewed
CVE-2024-38322
was published
Jun 29, 2024
By monitoring the time certain operations take, an attacker could have guessed which external...
Moderate
Unreviewed
CVE-2024-5690
was published
Jun 11, 2024
Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the...
Moderate
Unreviewed
CVE-2024-38465
was published
Jun 16, 2024
ZITADEL "ignoring unknown usernames" vulnerability
Moderate
CVE-2024-41952
was published
for
github.com/zitadel/zitadel
(Go)
Jul 31, 2024
CubeFS timing attack can leak user passwords
Moderate
CVE-2023-46739
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions...
Moderate
Unreviewed
CVE-2024-36996
was published
Jul 1, 2024
In veilid-core in Veilid before 0.3.4, the protocol's ping function can be misused in a way that...
Moderate
Unreviewed
CVE-2024-41880
was published
Jul 22, 2024
** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote...
Moderate
Unreviewed
CVE-2020-13998
was published
May 24, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An...
Moderate
Unreviewed
CVE-2022-27221
was published
Jun 15, 2022
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK...
Moderate
Unreviewed
CVE-2024-0553
was published
Jan 16, 2024
ProTip!
Advisories are also available from the
GraphQL API