Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,049
Maven
5,000+
npm
4,787
NuGet
825
pip
4,384
Pub
12
RubyGems
988
Rust
1,144
Swift
50
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
vLLM is vulnerable to timing attack at bearer auth High
CVE-2025-59425 was published for vllm (pip) Oct 7, 2025
NiuBlibing Credited to NiuBlibing and russellb russellb russellb
Issue summary: A timing side-channel which could potentially allow remote recovery of the private... Moderate Unreviewed
CVE-2025-9231 was published Sep 30, 2025
Timing Attack Vulnerability in SCRAM Authentication Moderate
CVE-2025-59432 was published for com.ongres.scram:scram-common (Maven) Sep 16, 2025
jorsol Credited to jorsol
In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding... Moderate Unreviewed
CVE-2025-49087 was published Jul 20, 2025
In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable... Moderate Unreviewed
CVE-2025-7396 was published Jul 19, 2025
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack,... Moderate Unreviewed
CVE-2025-27587 was published Jun 17, 2025
Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations Moderate
CVE-2025-29780 was published for PostQuantum-Feldman-VSS (pip) Mar 14, 2025
DavidOsipov Credited to DavidOsipov
Issue summary: A timing side-channel which could potentially allow recovering the private key... Moderate Unreviewed
CVE-2024-13176 was published Jan 20, 2025
A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This... High Unreviewed
CVE-2025-0306 was published Jan 9, 2025
Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications Moderate
CVE-2024-11862 was published for Devolutions.XTS.NET (NuGet) Nov 27, 2024
zer0x64 Credited to zer0x64 and pdugre pdugre pdugre
Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked... High Unreviewed
CVE-2023-46809 was published Sep 7, 2024
An issue was discovered in Matrix libolm (aka Olm) through 3.2.16. Cache-timing attacks can occur... High Unreviewed
CVE-2024-45192 was published Aug 22, 2024
Observable Timing Discrepancy in pypqc High
GHSA-hvh4-5qr6-3v7r was published for pypqc (pip) Jun 5, 2024
James-E-A Credited to James-E-A
iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication,... Moderate Unreviewed
CVE-2024-26306 was published May 14, 2024
Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA)... Low Unreviewed
CVE-2023-33855 was published Mar 26, 2024
Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A... Moderate Unreviewed
CVE-2024-25964 was published Mar 25, 2024
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may... Moderate Unreviewed
CVE-2024-2236 was published Mar 7, 2024
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack High
CVE-2023-50782 was published for cryptography (pip) Feb 5, 2024
m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657 Moderate
CVE-2023-50781 was published for m2crypto (pip) Feb 5, 2024
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing... Moderate Unreviewed
CVE-2024-23170 was published Jan 31, 2024
A timing side-channel vulnerability has been discovered in the opencryptoki package while... Moderate Unreviewed
CVE-2024-0914 was published Jan 31, 2024
Minerva timing attack on P-256 in python-ecdsa High
CVE-2024-23342 was published for ecdsa (pip) Jan 22, 2024
tomato42 Credited to tomato42 and levpachmanov levpachmanov levpachmanov
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK... Moderate Unreviewed
CVE-2024-0553 was published Jan 16, 2024
Marvin Attack: potential key recovery through timing sidechannels Moderate
CVE-2023-49092 was published for rsa (Rust) Nov 28, 2023
tomato42 Credited to tomato42 and lukas-braune lukas-braune lukas-braune
Marvin Attack: potential key recovery through timing sidechannels Moderate
GHSA-4grx-2x9w-596c was published for rsa (Rust) Nov 28, 2023
lukas-braune Credited to lukas-braune
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database