Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,383
Erlang
33
GitHub Actions
22
Go
2,140
Maven
5,000+
npm
3,800
NuGet
687
pip
3,478
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

81 advisories

Loading
Minerva timing attack on P-256 in python-ecdsa High
CVE-2024-23342 was published for ecdsa (pip) Jan 22, 2024
tomato42
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM... Moderate Unreviewed
CVE-2023-41097 was published Dec 21, 2023
generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character High
CVE-2015-20110 was published for generator-jhipster (npm) Oct 31, 2023
Non-constant time webhook token hash comparison in Jenkins Zanata Plugin Low
CVE-2023-46660 was published for org.jenkins-ci.plugins:zanata (Maven) Oct 25, 2023
Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison Low
CVE-2023-46658 was published for io.jenkins.plugins:teams-webhook-trigger (Maven) Oct 25, 2023
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison Low
CVE-2023-46656 was published for igalg.jenkins.plugins:multibranch-scan-webhook-trigger (Maven) Oct 25, 2023
Jenkins Gogs Plugin uses non-constant time webhook token comparison Low
CVE-2023-46657 was published for org.jenkins-ci.plugins:gogs-webhook (Maven) Oct 25, 2023
The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM,... Moderate Unreviewed
CVE-2022-25332 was published Oct 19, 2023
Harbor timing attack risk Moderate
CVE-2023-20902 was published for github.com/goharbor/harbor (Go) Oct 10, 2023
NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated... High Unreviewed
CVE-2023-25529 was published Sep 20, 2023
Mailman Core vulnerable to timing attacks High
CVE-2021-34337 was published for mailman (pip) Apr 15, 2023
HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks Moderate
CVE-2023-25000 was published for github.com/hashicorp/vault (Go) Mar 30, 2023
Answer has Observable Timing Discrepancy Moderate
CVE-2023-1538 was published for github.com/answerdev/answer (Go) Mar 21, 2023
OpenSearch has time discrepancy in authentication responses Moderate
CVE-2023-25806 was published for org.opensearch.plugin:opensearch-security (Maven) Mar 7, 2023
Observable timing discrepancy in JOpenId High
CVE-2010-10006 was published for org.expressme:JOpenId (Maven) Jan 18, 2023
Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator High
CVE-2022-3143 was published for org.wildfly.security:wildfly-elytron (Maven) Jan 13, 2023
Barzahlen Payment Module PHP SDK vulnerable to Observable Timing Discrepancy Moderate
CVE-2016-15015 was published for barzahlen/barzahlen-php (Composer) Jan 8, 2023
A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue... Moderate Unreviewed
CVE-2014-125056 was published Jan 7, 2023
easy-scrypt Observable Timing Discrepancy vulnerability Moderate
CVE-2014-125055 was published for github.com/agnivade/easy-scrypt (Go) Jan 7, 2023
A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected... High Unreviewed
CVE-2013-10006 was published Jan 1, 2023
A vulnerability, which was classified as problematic, was found in InSTEDD Nuntium. Affected is... Moderate Unreviewed
CVE-2022-4823 was published Dec 28, 2022
OpenShift OSIN vulnerable to Observable Timing Discrepancy Moderate
CVE-2021-4294 was published for github.com/openshift/osin (Go) Dec 28, 2022
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin Low
CVE-2022-43412 was published for org.jenkins-ci.plugins:generic-webhook-trigger (Maven) Oct 19, 2022
NotMyFault
Non-constant time webhook token comparison in Jenkins GitLab Plugin Low
CVE-2022-43411 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Oct 19, 2022
NotMyFault
Atlantis Events vulnerable to Timing Attack High
CVE-2022-24912 was published for github.com/runatlantis/atlantis (Go) Jul 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database