GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,330
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
90 advisories
Filter by severity
rack-protection gem timing attack vulnerability when validating CSRF token
Moderate
CVE-2018-1000119
was published
for
rack-protection
(RubyGems)
Mar 7, 2018
Jetty vulnerable to exposure of sensitive information due to observable discrepancy
High
CVE-2017-9735
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Timing attack on HMAC signature comparison in Apache Tapestry
Critical
CVE-2019-10071
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Sep 26, 2019
Timing attacks might allow practical recovery of the long-term private key
High
CVE-2019-10764
was published
for
simplito/elliptic-php
(Composer)
Nov 20, 2019
User enumeration leak using switch user functionality in Symfony
Moderate
CVE-2019-18886
was published
for
symfony/security-http
(Composer)
Dec 2, 2019
Possible Information Leak / Session Hijack Vulnerability in Rack
Moderate
CVE-2019-16782
was published
for
rack
(RubyGems)
Dec 18, 2019
Observable Timing Discrepancy in OpenMage LTS
High
CVE-2020-15151
was published
for
openmage/magento-lts
(Composer)
Aug 19, 2020
Possible timing attack in derivation_endpoint
Moderate
CVE-2020-15237
was published
for
shrine
(RubyGems)
Oct 5, 2020
/user/sessions endpoint allows detecting valid accounts
High
GHSA-7vwg-39h8-8qp8
was published
for
ezsystems/ezplatform-rest
(Composer)
Mar 11, 2021
/user/sessions endpoint allows detecting valid accounts
High
GHSA-gmrf-99gw-vvwj
was published
for
ezsystems/ezpublish-kernel
(Composer)
Mar 11, 2021
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19
Moderate
CVE-2021-31406
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8
Moderate
CVE-2021-31403
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18
Moderate
CVE-2021-31404
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose
Moderate
CVE-2021-29443
was published
for
jose
(npm)
Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime
Moderate
CVE-2021-29444
was published
for
jose-browser-runtime
(npm)
Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime
Moderate
CVE-2021-29445
was published
for
jose-node-esm-runtime
(npm)
Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime
Moderate
CVE-2021-29446
was published
for
jose-node-cjs-runtime
(npm)
Apr 19, 2021
Observable Differences in Behavior to Error Inputs in Bouncy Castle
Moderate
CVE-2020-26939
was published
for
org.bouncycastle:bc-fips
(Maven)
Apr 22, 2021
Prevent user enumeration using Guard or the new Authenticator-based Security
Moderate
CVE-2021-21424
was published
for
lexik/jwt-authentication-bundle
(Composer)
May 13, 2021
Observable Response Discrepancy in Flask-AppBuilder
Moderate
CVE-2021-29621
was published
for
Flask-AppBuilder
(pip)
May 27, 2021
Observable Timing Discrepancy in aaugustin websockets library
Moderate
CVE-2021-33880
was published
for
websockets
(pip)
Jun 11, 2021
Timing based private key exposure in Bouncy Castle
Moderate
CVE-2020-15522
was published
for
BouncyCastle
(Maven)
Aug 13, 2021
Observable Discrepancy in libsecp256k1-rs
Moderate
CVE-2019-20399
was published
for
libsecp256k1-rs
(Rust)
Aug 25, 2021
Observable Response Discrepancy in Lost Password Service
Moderate
CVE-2021-39189
was published
for
pimcore/pimcore
(Composer)
Sep 20, 2021
Observable Discrepancy in Apache Kafka
Moderate
CVE-2021-38153
was published
for
org.apache.kafka:kafka-clients
(Maven)
Sep 23, 2021
ProTip!
Advisories are also available from the
GraphQL API