Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

56 advisories

Loading
Observable Timing Discrepancy in totp-rs Moderate
CVE-2022-29185 was published for totp-rs (Rust) May 24, 2022
tdunlap607
Observable Discrepancy in Wildfly Elytron Moderate
CVE-2021-3642 was published for org.wildfly.security:wildfly-elytron (Maven) May 24, 2022
Magento observable timing discrepancy vulnerability Moderate
CVE-2020-9690 was published for magento/community-edition (Composer) May 24, 2022
Non-constant time comparison of inbound TCP agent connection secret Moderate
CVE-2020-2101 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Non-constant time HMAC comparison Moderate
CVE-2020-2102 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
wolfCrypt leaks cryptographic information via timing side channel Moderate
CVE-2019-13628 was published for wolfcrypt (pip) May 24, 2022
Pagekit User enumeration Moderate
CVE-2019-16669 was published for pagekit/pagekit (Composer) May 24, 2022
Observable Discrepancy in BouncyCastle Moderate
CVE-2017-13098 was published for org.bouncycastle:bcprov-jdk15on (Maven) May 13, 2022
Observable Discrepancy in Apache Tomcat Moderate
CVE-2016-0762 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022
sunSUNQ
Exposure of Sensitive Information in snipe/snipe-it Moderate
CVE-2022-0569 was published for snipe/snipe-it (Composer) Feb 15, 2022
Apache Hive Information Exposure and Observable Timing Discrepancy Moderate
CVE-2020-1926 was published for org.apache.hive:hive (Maven) Feb 9, 2022
Observable Response Discrepancy in Flask-AppBuilder Moderate
CVE-2022-21659 was published for Flask-AppBuilder (pip) Feb 1, 2022
SamWheating
Observable Discrepancy in Argo Moderate
CVE-2020-11576 was published for github.com/argoproj/argo-cd (Go) Dec 9, 2021
Observable Discrepancy in Apache Kafka Moderate
CVE-2021-38153 was published for org.apache.kafka:kafka-clients (Maven) Sep 23, 2021
pavelarnost
Observable Response Discrepancy in Lost Password Service Moderate
CVE-2021-39189 was published for pimcore/pimcore (Composer) Sep 20, 2021
Observable Discrepancy in libsecp256k1-rs Moderate
CVE-2019-20399 was published for libsecp256k1-rs (Rust) Aug 25, 2021
Timing based private key exposure in Bouncy Castle Moderate
CVE-2020-15522 was published for BouncyCastle (Maven) Aug 13, 2021
klaudialax
Observable Response Discrepancy in Flask-AppBuilder Moderate
CVE-2021-29621 was published for Flask-AppBuilder (pip) May 27, 2021
Prevent user enumeration using Guard or the new Authenticator-based Security Moderate
CVE-2021-21424 was published for lexik/jwt-authentication-bundle (Composer) May 13, 2021
jamesisaac mbrodala
chalasr
Observable Differences in Behavior to Error Inputs in Bouncy Castle Moderate
CVE-2020-26939 was published for org.bouncycastle:bc-fips (Maven) Apr 22, 2021
ebickle
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime Moderate
CVE-2021-29446 was published for jose-node-cjs-runtime (npm) Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime Moderate
CVE-2021-29445 was published for jose-node-esm-runtime (npm) Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime Moderate
CVE-2021-29444 was published for jose-browser-runtime (npm) Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose Moderate
CVE-2021-29443 was published for jose (npm) Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 Moderate
CVE-2021-31404 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
ProTip! Advisories are also available from the GraphQL API