Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,633
Erlang
34
GitHub Actions
25
Go
2,238
Maven
5,000+
npm
3,900
NuGet
701
pip
3,666
Pub
12
RubyGems
914
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

16 advisories

Loading
This issue was addressed with improved redaction of sensitive information. This issue is fixed in... Critical Unreviewed
CVE-2025-24146 was published Jan 28, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed
CVE-2025-27667 was published Mar 5, 2025
IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar multiplication Critical
CVE-2023-26556 was published for github.com/binance-chain/tss-lib (Go) Apr 21, 2023
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable... Critical Unreviewed
CVE-2024-25714 was published Feb 11, 2024
PHPECC vulnerable to multiple cryptographic side-channel attacks Critical
GHSA-346h-749j-r28w was published for mdanter/ecc (Composer) Apr 25, 2024
User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password... Critical Unreviewed
CVE-2023-40756 was published Aug 28, 2023
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it... Critical Unreviewed
CVE-2024-25189 was published Feb 8, 2024
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it... Critical Unreviewed
CVE-2024-25191 was published Feb 8, 2024
l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it... Critical Unreviewed
CVE-2024-25190 was published Feb 8, 2024
darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which... Critical Unreviewed
CVE-2024-23771 was published Jan 22, 2024
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable... Critical Unreviewed
CVE-2022-23303 was published Feb 15, 2022
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are... Critical Unreviewed
CVE-2022-23304 was published Feb 15, 2022
Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to... Critical Unreviewed
CVE-2018-1000884 was published May 13, 2022
Information disclosure through timing and power side-channels during mod exponentiation for RSA... Critical Unreviewed
CVE-2021-1924 was published May 24, 2022
In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could... Critical Unreviewed
CVE-2022-40895 was published Oct 6, 2022
Timing attack on HMAC signature comparison in Apache Tapestry Critical
CVE-2019-10071 was published for org.apache.tapestry:tapestry-core (Maven) Sep 26, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database