GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
PHPECC vulnerable to multiple cryptographic side-channel attacks
Critical
GHSA-346h-749j-r28w
was published
for
mdanter/ecc
(Composer)
Apr 25, 2024
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable...
Critical
Unreviewed
CVE-2024-25714
was published
Feb 11, 2024
l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it...
Critical
Unreviewed
CVE-2024-25190
was published
Feb 8, 2024
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it...
Critical
Unreviewed
CVE-2024-25191
was published
Feb 8, 2024
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it...
Critical
Unreviewed
CVE-2024-25189
was published
Feb 8, 2024
darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which...
Critical
Unreviewed
CVE-2024-23771
was published
Jan 22, 2024
User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password...
Critical
Unreviewed
CVE-2023-40756
was published
Aug 28, 2023
In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could...
Critical
Unreviewed
CVE-2022-40895
was published
Oct 6, 2022
Information disclosure through timing and power side-channels during mod exponentiation for RSA...
Critical
Unreviewed
CVE-2021-1924
was published
May 24, 2022
Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to...
Critical
Unreviewed
CVE-2018-1000884
was published
May 13, 2022
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are...
Critical
Unreviewed
CVE-2022-23304
was published
Feb 15, 2022
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable...
Critical
Unreviewed
CVE-2022-23303
was published
Feb 15, 2022
Timing attack on HMAC signature comparison in Apache Tapestry
Critical
CVE-2019-10071
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Sep 26, 2019
ProTip!
Advisories are also available from the
GraphQL API