Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

538 advisories

Loading
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2... High Unreviewed
CVE-2021-38562 was published May 24, 2022
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs... Moderate Unreviewed
CVE-2020-27170 was published May 24, 2022
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding... Moderate Unreviewed
CVE-2021-24119 was published May 24, 2022
When binding against a DN during authentication, the reply from 389-ds-base will be different... Moderate Unreviewed
CVE-2020-35518 was published May 24, 2022
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted... Low Unreviewed
CVE-2020-16150 was published May 24, 2022
An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could... Moderate Unreviewed
CVE-2022-0823 was published Jun 10, 2022
Potential speculative code store bypass in all supported CPU products, in conjunction with... Moderate Unreviewed
CVE-2021-26313 was published May 24, 2022
Observable behavioral in power management throttling for some Intel(R) Processors may allow an... Moderate Unreviewed
CVE-2022-24436 was published Jun 16, 2022
As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore)... Moderate Unreviewed
CVE-2022-32273 was published Jun 9, 2022
A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid... Moderate Unreviewed
CVE-2021-41634 was published Jun 25, 2022
A potential vulnerability in some AMD processors using frequency scaling may allow an... Moderate Unreviewed
CVE-2022-23823 was published Jun 16, 2022
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified... Moderate Unreviewed
CVE-2022-20752 was published Jul 7, 2022
The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by... Moderate Unreviewed
CVE-2022-32425 was published Jul 15, 2022
fastify-bearer-auth vulnerable to Timing Attack Vector High
CVE-2022-31142 was published for @fastify/bearer-auth (npm) Jul 15, 2022
Uzlopak
Timing attack on HMAC signature comparison in Apache Tapestry Critical
CVE-2019-10071 was published for org.apache.tapestry:tapestry-core (Maven) Sep 26, 2019
TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for... High Unreviewed
CVE-2022-4499 was published Jan 11, 2023
A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue... Moderate Unreviewed
CVE-2022-4543 was published Jan 11, 2023
In ContentResolver, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2022-20316 was published Aug 13, 2022
A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance ... High Unreviewed
CVE-2022-20866 was published Aug 11, 2022
In AlarmManagerService, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2022-20307 was published Aug 13, 2022
In PackageInstaller, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2022-20309 was published Aug 13, 2022
In Content, there is a possible way to determinate the user's account due to side channel... Moderate Unreviewed
CVE-2022-20304 was published Aug 13, 2022
In AppOpsService, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2022-20291 was published Aug 13, 2022
In LauncherApps, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2022-20293 was published Aug 13, 2022
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source... Low Unreviewed
CVE-2022-32296 was published Jun 6, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database