GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
58 advisories
Filter by severity
Potential Observable Timing Discrepancy in Wagtail
Moderate
CVE-2020-11037
was published
for
wagtail
(pip)
May 7, 2020
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18
Moderate
GHSA-c6c4-7x48-4cqp
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19
Moderate
GHSA-9h6g-6mxg-vvp4
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Login timing attack in ibexa/core
Critical
GHSA-2x4v-g8cx-jxrq
was published
for
ibexa/core
(Composer)
Jun 2, 2022
Login timing attack in ezsystems/ezplatform-kernel
Critical
GHSA-342c-vcff-2ff2
was published
for
ezsystems/ezplatform-kernel
(Composer)
Jun 2, 2022
express-basic-auth Timing Attack due to native string comparison instead of constant time string comparison
Low
GHSA-c35v-qwqg-87jc
was published
for
express-basic-auth
(npm)
Jun 6, 2019
Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator
High
CVE-2022-3143
was published
for
org.wildfly.security:wildfly-elytron
(Maven)
Jan 13, 2023
fastify-bearer-auth vulnerable to Timing Attack Vector
High
CVE-2022-31142
was published
for
@fastify/bearer-auth
(npm)
Jul 15, 2022
Apache Hive Information Exposure and Observable Timing Discrepancy
Moderate
CVE-2020-1926
was published
for
org.apache.hive:hive
(Maven)
Feb 9, 2022
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19
Moderate
CVE-2021-31406
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8
Moderate
CVE-2021-31403
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18
Moderate
CVE-2021-31404
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Observable Timing Discrepancy in aaugustin websockets library
Moderate
CVE-2021-33880
was published
for
websockets
(pip)
Jun 11, 2021
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin
Low
CVE-2022-43412
was published
for
org.jenkins-ci.plugins:generic-webhook-trigger
(Maven)
Oct 19, 2022
OpenSearch has time discrepancy in authentication responses
Moderate
CVE-2023-25806
was published
for
org.opensearch.plugin:opensearch-security
(Maven)
Mar 7, 2023
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime
Moderate
CVE-2021-29445
was published
for
jose-node-esm-runtime
(npm)
Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime
Moderate
CVE-2021-29446
was published
for
jose-node-cjs-runtime
(npm)
Apr 19, 2021
Answer has Observable Timing Discrepancy
Moderate
CVE-2023-1538
was published
for
github.com/answerdev/answer
(Go)
Mar 21, 2023
Login timing attack in ezsystems/ezpublish-kernel
Critical
GHSA-xfqg-p48g-hh94
was published
for
ezsystems/ezpublish-kernel
(Composer)
Jun 2, 2022
Possible Information Leak / Session Hijack Vulnerability in Rack
Moderate
CVE-2019-16782
was published
for
rack
(RubyGems)
Dec 18, 2019
Possible timing attack in derivation_endpoint
Moderate
CVE-2020-15237
was published
for
shrine
(RubyGems)
Oct 5, 2020
Observable Timing Discrepancy in totp-rs
Moderate
CVE-2022-29185
was published
for
totp-rs
(Rust)
May 24, 2022
HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks
Moderate
CVE-2023-25000
was published
for
github.com/hashicorp/vault
(Go)
Mar 30, 2023
libsecp256k1 contains side-channel timing attack
High
CVE-2019-25003
was published
for
libsecp256k1
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API