GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19
Moderate
CVE-2021-31406
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8
Moderate
CVE-2021-31403
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18
Moderate
CVE-2021-31404
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Observable Differences in Behavior to Error Inputs in Bouncy Castle
Moderate
CVE-2020-26939
was published
for
org.bouncycastle:bc-fips
(Maven)
Apr 22, 2021
Timing based private key exposure in Bouncy Castle
Moderate
CVE-2020-15522
was published
for
BouncyCastle
(Maven)
Aug 13, 2021
Observable Discrepancy in Apache Kafka
Moderate
CVE-2021-38153
was published
for
org.apache.kafka:kafka-clients
(Maven)
Sep 23, 2021
Apache Hive Information Exposure and Observable Timing Discrepancy
Moderate
CVE-2020-1926
was published
for
org.apache.hive:hive
(Maven)
Feb 9, 2022
Observable Discrepancy in Apache Tomcat
Moderate
CVE-2016-0762
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Observable Discrepancy in BouncyCastle
Moderate
CVE-2017-13098
was published
for
org.bouncycastle:bcprov-jdk15on
(Maven)
May 13, 2022
Non-constant time comparison of inbound TCP agent connection secret
Moderate
CVE-2020-2101
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Non-constant time HMAC comparison
Moderate
CVE-2020-2102
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Observable Discrepancy in Wildfly Elytron
Moderate
CVE-2021-3642
was published
for
org.wildfly.security:wildfly-elytron
(Maven)
May 24, 2022
Observable timing discrepancy allows determining username validity in Jenkins
Moderate
CVE-2022-34174
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
OpenCRX vulnerable to password enumeration via error messages in password reset
Moderate
CVE-2022-40084
was published
for
org.opencrx:opencrx-client
(Maven)
Oct 20, 2022
OpenSearch has time discrepancy in authentication responses
Moderate
CVE-2023-25806
was published
for
org.opensearch.plugin:opensearch-security
(Maven)
Mar 7, 2023
Liferay Portal allows attackers to discover the existence of sites
Moderate
CVE-2024-25146
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 8, 2024
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
Moderate
CVE-2024-30171
was published
for
BouncyCastle
(Maven)
May 14, 2024
ProTip!
Advisories are also available from the
GraphQL API