Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

76 advisories

Loading
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison Low
CVE-2023-46656 was published for igalg.jenkins.plugins:multibranch-scan-webhook-trigger (Maven) Oct 25, 2023
Jenkins Gogs Plugin uses non-constant time webhook token comparison Low
CVE-2023-46657 was published for org.jenkins-ci.plugins:gogs-webhook (Maven) Oct 25, 2023
The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM,... Moderate Unreviewed
CVE-2022-25332 was published Oct 19, 2023
Harbor timing attack risk Moderate
CVE-2023-20902 was published for github.com/goharbor/harbor (Go) Oct 10, 2023
NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated... High Unreviewed
CVE-2023-25529 was published Sep 20, 2023
Mailman Core vulnerable to timing attacks High
CVE-2021-34337 was published for mailman (pip) Apr 15, 2023
HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks Moderate
CVE-2023-25000 was published for github.com/hashicorp/vault (Go) Mar 30, 2023
Answer has Observable Timing Discrepancy Moderate
CVE-2023-1538 was published for github.com/answerdev/answer (Go) Mar 21, 2023
OpenSearch has time discrepancy in authentication responses Moderate
CVE-2023-25806 was published for org.opensearch.plugin:opensearch-security (Maven) Mar 7, 2023
Observable timing discrepancy in JOpenId High
CVE-2010-10006 was published for org.expressme:JOpenId (Maven) Jan 18, 2023
Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator High
CVE-2022-3143 was published for org.wildfly.security:wildfly-elytron (Maven) Jan 13, 2023
Barzahlen Payment Module PHP SDK vulnerable to Observable Timing Discrepancy Moderate
CVE-2016-15015 was published for barzahlen/barzahlen-php (Composer) Jan 8, 2023
A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue... Moderate Unreviewed
CVE-2014-125056 was published Jan 7, 2023
easy-scrypt Observable Timing Discrepancy vulnerability Moderate
CVE-2014-125055 was published for github.com/agnivade/easy-scrypt (Go) Jan 7, 2023
A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected... High Unreviewed
CVE-2013-10006 was published Jan 1, 2023
A vulnerability, which was classified as problematic, was found in InSTEDD Nuntium. Affected is... Moderate Unreviewed
CVE-2022-4823 was published Dec 28, 2022
OpenShift OSIN vulnerable to Observable Timing Discrepancy Moderate
CVE-2021-4294 was published for github.com/openshift/osin (Go) Dec 28, 2022
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin Low
CVE-2022-43412 was published for org.jenkins-ci.plugins:generic-webhook-trigger (Maven) Oct 19, 2022
NotMyFault
Non-constant time webhook token comparison in Jenkins GitLab Plugin Low
CVE-2022-43411 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Oct 19, 2022
NotMyFault
Atlantis Events vulnerable to Timing Attack High
CVE-2022-24912 was published for github.com/runatlantis/atlantis (Go) Jul 30, 2022
Jenkins GitHub plugin uses weak webhook signature function Low
CVE-2022-36885 was published for com.coravy.hudson.plugins.github:github (Maven) Jul 28, 2022
westonsteimel NotMyFault
fastify-bearer-auth vulnerable to Timing Attack Vector High
CVE-2022-31142 was published for @fastify/bearer-auth (npm) Jul 15, 2022
Uzlopak
Observable timing discrepancy allows determining username validity in Jenkins Moderate
CVE-2022-34174 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault
Login timing attack in ibexa/core Critical
GHSA-2x4v-g8cx-jxrq was published for ibexa/core (Composer) Jun 2, 2022
Login timing attack in ezsystems/ezpublish-kernel Critical
GHSA-xfqg-p48g-hh94 was published for ezsystems/ezpublish-kernel (Composer) Jun 2, 2022
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database