Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

388 advisories

Loading
Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the... Moderate Unreviewed
CVE-2024-38465 was published Jun 16, 2024
By monitoring the time certain operations take, an attacker could have guessed which external... Moderate Unreviewed
CVE-2024-5690 was published Jun 11, 2024
IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by... Moderate Unreviewed
CVE-2024-31878 was published Jun 7, 2024
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") Moderate
CVE-2024-30171 was published for BouncyCastle (Maven) May 14, 2024
levpachmanov
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is... Moderate Unreviewed
CVE-2024-27839 was published May 14, 2024
IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to... Moderate Unreviewed
CVE-2023-27283 was published May 4, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames... Moderate Unreviewed
CVE-2021-20556 was published May 3, 2024
In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly... Moderate Unreviewed
CVE-2024-30176 was published May 1, 2024
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be... Moderate Unreviewed
CVE-2024-2467 was published Apr 25, 2024
A timing-based side-channel exists in the rust-openssl package, which could be sufficient to... Moderate Unreviewed
CVE-2024-3296 was published Apr 4, 2024
This issue occurs during password recovery, where a difference in messages could allow an... Moderate Unreviewed
CVE-2024-2464 was published Mar 21, 2024
User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This... Moderate Unreviewed
CVE-2024-25651 was published Mar 14, 2024
IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to... Moderate Unreviewed
CVE-2023-38362 was published Mar 4, 2024
User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported... Moderate Unreviewed
CVE-2024-26268 was published Feb 20, 2024
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a... Moderate Unreviewed
CVE-2023-6935 was published Feb 10, 2024
Liferay Portal allows attackers to discover the existence of sites Moderate
CVE-2024-25146 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib... Moderate Unreviewed
CVE-2024-0202 was published Feb 5, 2024
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the... Moderate Unreviewed
CVE-2023-6240 was published Feb 4, 2024
Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy... Moderate Unreviewed
CVE-2021-21575 was published Feb 2, 2024
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as... Moderate Unreviewed
CVE-2023-5992 was published Jan 31, 2024
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing... Moderate Unreviewed
CVE-2024-23170 was published Jan 31, 2024
A timing side-channel vulnerability has been discovered in the opencryptoki package while... Moderate Unreviewed
CVE-2024-0914 was published Jan 31, 2024
A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of... Moderate Unreviewed
CVE-2024-0564 was published Jan 30, 2024
An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user... Moderate Unreviewed
CVE-2024-22647 was published Jan 30, 2024
A timing side-channel issue was addressed with improvements to constant-time computation in... Moderate Unreviewed
CVE-2024-23218 was published Jan 23, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database