Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

72 advisories

Loading
Timing attack on django-basic-auth-ip-whitelist Low
CVE-2020-4071 was published for django-basic-auth-ip-whitelist (pip) Jun 23, 2020
thibaudcolas
Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication Low
CVE-2024-45052 was published for ethyca-fides (pip) Sep 4, 2024
RobertKeyser pattisdr
daveqnet
The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against... Moderate Unreviewed
CVE-2024-1543 was published Aug 30, 2024
An issue was discovered in Matrix libolm (aka Olm) through 3.2.16. The AES implementation is... Critical Unreviewed
CVE-2024-45191 was published Aug 22, 2024
open-telemetry has an Observable Timing Discrepancy Moderate
CVE-2024-42368 was published for github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension (Go) Aug 13, 2024
axw arminru
frzifus mx-psi evan-bradley
Windows Kerberos Elevation of Privilege Vulnerability High Unreviewed
CVE-2024-29995 was published Aug 13, 2024
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack High
CVE-2023-50782 was published for cryptography (pip) Feb 5, 2024
vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material Low
CVE-2024-40640 was published for vodozemac (Rust) Jul 17, 2024
The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks.... Critical Unreviewed
CVE-2023-41313 was published Mar 12, 2024
Django vulnerable to user enumeration attack Moderate
CVE-2024-39329 was published for Django (pip) Jul 10, 2024
In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time Low Unreviewed
CVE-2024-41828 was published Jul 22, 2024
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,... Moderate Unreviewed
CVE-2020-35165 was published May 22, 2024
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may... Moderate Unreviewed
CVE-2024-2236 was published Mar 7, 2024
vantage6 vulnerable to a username timing attack on recover password/MFA token Moderate
CVE-2024-24770 was published for vantage6 (pip) Mar 15, 2024
OpenShift OSIN vulnerable to Observable Timing Discrepancy Moderate
CVE-2021-4294 was published for github.com/openshift/osin (Go) Dec 28, 2022
The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM,... Moderate Unreviewed
CVE-2022-25332 was published Oct 19, 2023
Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy... Moderate Unreviewed
CVE-2021-21575 was published Feb 2, 2024
A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib... Moderate Unreviewed
CVE-2024-0202 was published Feb 5, 2024
vantage6 vulnerable to username timing attack Low
CVE-2024-21671 was published for vantage6-server (pip) Jan 30, 2024
m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657 Moderate
CVE-2023-50781 was published for m2crypto (pip) Feb 5, 2024
Symfony Vulnerable to Timing Attack High
CVE-2015-8125 was published for symfony/form (Composer) May 17, 2022
NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated... High Unreviewed
CVE-2023-25529 was published Sep 20, 2023
Minerva timing attack on P-256 in python-ecdsa High
CVE-2024-23342 was published for ecdsa (pip) Jan 22, 2024
tomato42
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM... Moderate Unreviewed
CVE-2023-41097 was published Dec 21, 2023
Non-constant time webhook token comparison in Jenkins GitLab Plugin Low
CVE-2022-43411 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Oct 19, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API