Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,361
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,794
NuGet
685
pip
3,473
Pub
12
RubyGems
895
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

342 advisories

Loading
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK... Moderate Unreviewed
CVE-2024-0553 was published Jan 16, 2024
Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1... Moderate Unreviewed
CVE-2023-50979 was published Dec 27, 2023
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM... Moderate Unreviewed
CVE-2023-41097 was published Dec 21, 2023
Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This... Moderate Unreviewed
CVE-2023-6135 was published Dec 19, 2023
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an... Moderate Unreviewed
CVE-2023-23584 was published Dec 19, 2023
The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting... Moderate Unreviewed
CVE-2023-4421 was published Dec 12, 2023
In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation... Moderate Unreviewed
CVE-2023-40090 was published Dec 5, 2023
UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message... Moderate Unreviewed
CVE-2023-47102 was published Nov 13, 2023
In Package Manager Service, there is a possible way to determine whether an app is installed,... Moderate Unreviewed
CVE-2023-21354 was published Oct 30, 2023
In Media Projection, there is a possible way to determine whether an app is installed, without... Moderate Unreviewed
CVE-2023-21350 was published Oct 30, 2023
In Input Method, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2023-21336 was published Oct 30, 2023
In Job Scheduler, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2023-21344 was published Oct 30, 2023
In Text Services, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2023-21333 was published Oct 30, 2023
In Text Services, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2023-21332 was published Oct 30, 2023
In Input Method, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2023-21338 was published Oct 30, 2023
In Settings, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2023-21335 was published Oct 30, 2023
In Usage Stats Service, there is a possible way to determine whether an app is installed, without... Moderate Unreviewed
CVE-2022-20264 was published Oct 30, 2023
In InputMethod, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2023-21331 was published Oct 30, 2023
In Overlay Manager, there is a possible way to determine whether an app is installed, without... Moderate Unreviewed
CVE-2023-21330 was published Oct 30, 2023
In Device Policy, there is a possible way to verify if a particular admin app is registered on... Moderate Unreviewed
CVE-2023-21320 was published Oct 30, 2023
In Content, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2023-21316 was published Oct 30, 2023
In Activity Manager, there is a possible way to determine whether an app is installed, without... Moderate Unreviewed
CVE-2023-21323 was published Oct 30, 2023
In PackageManager, there is a possible way to determine whether an app is installed, without... Moderate Unreviewed
CVE-2023-21300 was published Oct 30, 2023
In ContentService, there is a possible way to read installed sync content providers due to side... Moderate Unreviewed
CVE-2023-21306 was published Oct 30, 2023
In ContentService, there is a possible way to determine whether an app is installed, without... Moderate Unreviewed
CVE-2023-21317 was published Oct 30, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database