Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

29 advisories

Loading
Possible Information Leak / Session Hijack Vulnerability in Rack Moderate
CVE-2019-16782 was published for rack (RubyGems) Dec 18, 2019
will
Potential Observable Timing Discrepancy in Wagtail Moderate
CVE-2020-11037 was published for wagtail (pip) May 7, 2020
thibaudcolas
Possible timing attack in derivation_endpoint Moderate
CVE-2020-15237 was published for shrine (RubyGems) Oct 5, 2020
esparta
Activerecord-session_store Vulnerable to Timing Attack Moderate
CVE-2019-25025 was published for activerecord-session_store (RubyGems) Mar 9, 2021
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 Moderate
GHSA-9h6g-6mxg-vvp4 was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
xhlika
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 Moderate
GHSA-c6c4-7x48-4cqp was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 Moderate
CVE-2021-31406 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8 Moderate
CVE-2021-31403 was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 Moderate
CVE-2021-31404 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime Moderate
CVE-2021-29445 was published for jose-node-esm-runtime (npm) Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime Moderate
CVE-2021-29446 was published for jose-node-cjs-runtime (npm) Apr 19, 2021
Observable Timing Discrepancy in aaugustin websockets library Moderate
CVE-2021-33880 was published for websockets (pip) Jun 11, 2021
Apache Hive Information Exposure and Observable Timing Discrepancy Moderate
CVE-2020-1926 was published for org.apache.hive:hive (Maven) Feb 9, 2022
Non-constant time comparison of inbound TCP agent connection secret Moderate
CVE-2020-2101 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Non-constant time HMAC comparison Moderate
CVE-2020-2102 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Observable Timing Discrepancy in totp-rs Moderate
CVE-2022-29185 was published for totp-rs (Rust) May 24, 2022
tdunlap607
Observable timing discrepancy allows determining username validity in Jenkins Moderate
CVE-2022-34174 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault
OpenShift OSIN vulnerable to Observable Timing Discrepancy Moderate
CVE-2021-4294 was published for github.com/openshift/osin (Go) Dec 28, 2022
easy-scrypt Observable Timing Discrepancy vulnerability Moderate
CVE-2014-125055 was published for github.com/agnivade/easy-scrypt (Go) Jan 7, 2023
Barzahlen Payment Module PHP SDK vulnerable to Observable Timing Discrepancy Moderate
CVE-2016-15015 was published for barzahlen/barzahlen-php (Composer) Jan 8, 2023
OpenSearch has time discrepancy in authentication responses Moderate
CVE-2023-25806 was published for org.opensearch.plugin:opensearch-security (Maven) Mar 7, 2023
Answer has Observable Timing Discrepancy Moderate
CVE-2023-1538 was published for github.com/answerdev/answer (Go) Mar 21, 2023
HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks Moderate
CVE-2023-25000 was published for github.com/hashicorp/vault (Go) Mar 30, 2023
Harbor timing attack risk Moderate
CVE-2023-20902 was published for github.com/goharbor/harbor (Go) Oct 10, 2023
m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657 Moderate
CVE-2023-50781 was published for m2crypto (pip) Feb 5, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database