Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

47 advisories

Loading
IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user... Low Unreviewed
CVE-2024-31870 was published Jun 15, 2024
s2n-tls has a potentially observable differences in RSA premaster secret handling Low
GHSA-52xf-5p2m-9wrv was published for s2n-tls (Rust) Jun 6, 2024
1Panel's password verification is suspected to have a timing attack vulnerability Low
CVE-2024-30257 was published for github.com/1Panel-dev/1Panel (Go) Apr 18, 2024
yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation Low
CVE-2023-50708 was published for yiisoft/yii2-authclient (Composer) Dec 18, 2023
rhertogh
In Window Manager, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2023-21348 was published Oct 30, 2023
In Game Manager Service, there is a possible way to determine whether an app is installed,... Low Unreviewed
CVE-2023-21345 was published Oct 30, 2023
In the Device Idle Controller, there is a possible way to determine whether an app is installed,... Low Unreviewed
CVE-2023-21346 was published Oct 30, 2023
In Package Manager, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2023-21349 was published Oct 30, 2023
Jenkins Tuleap Authentication Plugin non-constant time token comparison Low
CVE-2023-40343 was published for io.jenkins.plugins:tuleap-oauth (Maven) Aug 16, 2023
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer... Low Unreviewed
CVE-2022-47952 was published Jan 1, 2023
In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to... Low Unreviewed
CVE-2022-20535 was published Dec 21, 2022
In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine... Low Unreviewed
CVE-2022-20559 was published Dec 21, 2022
In placeCall of TelecomManager.java, there is a possible way to determine whether an app is... Low Unreviewed
CVE-2022-20531 was published Dec 20, 2022
Non-constant time webhook token comparison in Jenkins GitLab Plugin Low
CVE-2022-43411 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Oct 19, 2022
NotMyFault
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin Low
CVE-2022-43412 was published for org.jenkins-ci.plugins:generic-webhook-trigger (Maven) Oct 19, 2022
NotMyFault
In PackageInstaller, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2022-20318 was published Aug 13, 2022
In ActivityManager, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2022-20320 was published Aug 13, 2022
In ContentResolver, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2022-20316 was published Aug 13, 2022
In PackageInstaller, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2022-20309 was published Aug 13, 2022
In AlarmManagerService, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2022-20307 was published Aug 13, 2022
In PackageManager, there is a possible way to determine whether an app is installed, without... Low Unreviewed
CVE-2022-20252 was published Aug 12, 2022
In LocaleManager, there is a possible way to determine whether an app is installed, without query... Low Unreviewed
CVE-2022-20251 was published Aug 12, 2022
In LocaleManager, there is a possible way to determine whether an app is installed, without query... Low Unreviewed
CVE-2022-20249 was published Aug 12, 2022
Jenkins GitHub plugin uses weak webhook signature function Low
CVE-2022-36885 was published for com.coravy.hudson.plugins.github:github (Maven) Jul 28, 2022
westonsteimel NotMyFault
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source... Low Unreviewed
CVE-2022-32296 was published Jun 6, 2022
ProTip! Advisories are also available from the GraphQL API