GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
56 advisories
Filter by severity
Gradio performs a non-constant-time comparison when comparing hashes
Moderate
CVE-2024-47869
was published
for
gradio
(pip)
Oct 10, 2024
Django allows enumeration of user e-mail addresses
Moderate
CVE-2024-45231
was published
for
Django
(pip)
Oct 8, 2024
ZITADEL "ignoring unknown usernames" vulnerability
Moderate
CVE-2024-41952
was published
for
github.com/zitadel/zitadel
(Go)
Jul 31, 2024
curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Moderate
GHSA-x4gp-pqpj-f43q
was published
for
curve25519-dalek
(Rust)
Jun 18, 2024
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
Moderate
CVE-2024-30171
was published
for
BouncyCastle
(Maven)
May 14, 2024
Liferay Portal allows attackers to discover the existence of sites
Moderate
CVE-2024-25146
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 8, 2024
Marvin Attack: potential key recovery through timing sidechannels
Moderate
CVE-2023-49092
was published
for
rsa
(Rust)
Nov 28, 2023
Economizzer user enumeration vulnerability
Moderate
CVE-2023-38871
was published
for
gugoan/economizzer
(Composer)
Sep 28, 2023
Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration
Moderate
CVE-2023-41885
was published
for
piccolo
(pip)
Sep 12, 2023
Username enumeration attack in goauthentik
Moderate
CVE-2023-39522
was published
for
@goauthentik/api
(npm)
Aug 29, 2023
HashiCorp Vault and Vault Enterprise vulnerable to user enumeration
Moderate
CVE-2023-3462
was published
for
github.com/hashicorp/vault
(Go)
Aug 1, 2023
ginuerzh/gost vulnerable to Timing Attack
Moderate
CVE-2023-32691
was published
for
github.com/ginuerzh/gost
(Go)
May 22, 2023
HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks
Moderate
CVE-2023-25000
was published
for
github.com/hashicorp/vault
(Go)
Mar 30, 2023
Argo CD authenticated but unauthorized users may enumerate Application names via the API
Moderate
CVE-2022-41354
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 23, 2023
Answer has Observable Response Discrepancy
Moderate
CVE-2023-1540
was published
for
github.com/answerdev/answer
(Go)
Mar 21, 2023
Answer has Observable Timing Discrepancy
Moderate
CVE-2023-1538
was published
for
github.com/answerdev/answer
(Go)
Mar 21, 2023
OpenSearch has time discrepancy in authentication responses
Moderate
CVE-2023-25806
was published
for
org.opensearch.plugin:opensearch-security
(Maven)
Mar 7, 2023
vantage6 vulnerable to Observable Response Discrepancy
Moderate
CVE-2022-39228
was published
for
vantage6
(pip)
Feb 28, 2023
openssl-src subject to Timing Oracle in RSA Decryption
Moderate
CVE-2022-4304
was published
for
openssl-src
(Rust)
Feb 8, 2023
Barzahlen Payment Module PHP SDK vulnerable to Observable Timing Discrepancy
Moderate
CVE-2016-15015
was published
for
barzahlen/barzahlen-php
(Composer)
Jan 8, 2023
OpenShift OSIN vulnerable to Observable Timing Discrepancy
Moderate
CVE-2021-4294
was published
for
github.com/openshift/osin
(Go)
Dec 28, 2022
Snipe-IT allows attackers to check whether a user account exists
Moderate
CVE-2022-44381
was published
for
snipe/snipe-it
(Composer)
Dec 25, 2022
OpenCRX vulnerable to password enumeration via error messages in password reset
Moderate
CVE-2022-40084
was published
for
org.opencrx:opencrx-client
(Maven)
Oct 20, 2022
TYPO3 CMS vulnerable to User Enumeration via Response Timing
Moderate
CVE-2022-36105
was published
for
typo3/cms
(Composer)
Sep 16, 2022
Observable timing discrepancy allows determining username validity in Jenkins
Moderate
CVE-2022-34174
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
ProTip!
Advisories are also available from the
GraphQL API