Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,362
Erlang
33
GitHub Actions
22
Go
2,134
Maven
5,000+
npm
3,797
NuGet
687
pip
3,473
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

554 advisories

Loading
A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by... Moderate Unreviewed
CVE-2020-11683 was published May 24, 2022
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being... Moderate Unreviewed
CVE-2020-1968 was published May 24, 2022
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted... Low Unreviewed
CVE-2020-16150 was published May 24, 2022
An information disclosure vulnerability exists on ARM implementations that use speculative... Low Unreviewed
CVE-2020-1459 was published May 24, 2022
Magento observable timing discrepancy vulnerability Moderate
CVE-2020-9690 was published for magento/community-edition (Composer) May 24, 2022
Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed... Moderate Unreviewed
CVE-2020-6531 was published May 24, 2022
During RSA key generation, bignum implementations used a variation of the Binary Extended... Moderate Unreviewed
CVE-2020-12402 was published May 24, 2022
NSS has shown timing differences when performing DSA signatures, which was exploitable and could... Moderate Unreviewed
CVE-2020-12399 was published May 24, 2022
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the... Moderate Unreviewed
CVE-2020-14002 was published May 24, 2022
The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an... Moderate Unreviewed
CVE-2020-14145 was published May 24, 2022
Magento Signature verification bypass High
CVE-2020-9588 was published for magento/community-edition (Composer) May 24, 2022
The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular... Moderate Unreviewed
CVE-2020-11735 was published May 24, 2022
** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote... Moderate Unreviewed
CVE-2020-13998 was published May 24, 2022
Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in... Low Unreviewed
CVE-2020-13844 was published May 24, 2022
An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response... Moderate Unreviewed
CVE-2020-13413 was published May 24, 2022
wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing... Moderate Unreviewed
CVE-2020-11713 was published May 24, 2022
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the... Moderate Unreviewed
CVE-2019-5135 was published May 24, 2022
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example... Moderate Unreviewed
CVE-2020-7959 was published May 24, 2022
Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote... Moderate Unreviewed
CVE-2020-6400 was published May 24, 2022
Non-constant time HMAC comparison Moderate
CVE-2020-2102 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Non-constant time comparison of inbound TCP agent connection secret Moderate
CVE-2020-2101 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1... Moderate Unreviewed
CVE-2019-18222 was published May 24, 2022
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185.... Moderate Unreviewed
CVE-2019-16516 was published May 24, 2022
GnuTLS incorrectly validates the first byte of padding in CBC modes Moderate Unreviewed
CVE-2015-8313 was published May 24, 2022
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the... Low Unreviewed
CVE-2019-13456 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database