Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

527 advisories

Loading
Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a... Moderate Unreviewed
CVE-2024-1544 was published Aug 27, 2024
The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against... Moderate Unreviewed
CVE-2024-1543 was published Aug 30, 2024
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware... Moderate Unreviewed
CVE-2024-45678 was published Sep 3, 2024
Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401,... High Unreviewed
CVE-2024-39921 was published Sep 4, 2024
Loway - CWE-204: Observable Response Discrepancy Moderate Unreviewed
CVE-2024-42343 was published Sep 8, 2024
User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine... Moderate Unreviewed
CVE-2024-34336 was published Sep 12, 2024
Observable discrepancy in RAPL interface for some Intel(R) Processors may allow a privileged user... Moderate Unreviewed
CVE-2024-23984 was published Sep 16, 2024
A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that... Moderate Unreviewed
CVE-2024-8651 was published Sep 19, 2024
The goTenna Pro has a payload length vulnerability that makes it possible to tell the length of... Moderate Unreviewed
CVE-2024-47129 was published Sep 26, 2024
The goTenna Pro ATAK Plugin has a payload length vulnerability that makes it possible to tell... Moderate Unreviewed
CVE-2024-41715 was published Sep 26, 2024
By checking the result of calls to `window.open` with specifically set protocol handlers, an... Moderate Unreviewed
CVE-2024-9398 was published Oct 1, 2024
A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as... Moderate Unreviewed
CVE-2024-9513 was published Oct 4, 2024
Django allows enumeration of user e-mail addresses Moderate
CVE-2024-45231 was published for Django (pip) Oct 8, 2024
Windows Cryptographic Information Disclosure Vulnerability Moderate Unreviewed
CVE-2024-43546 was published Oct 8, 2024
i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden... Low Unreviewed
CVE-2023-36325 was published Oct 9, 2024
Gradio performs a non-constant-time comparison when comparing hashes Moderate
CVE-2024-47869 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business... Moderate Unreviewed
CVE-2024-21206 was published Oct 15, 2024
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are... Low Unreviewed
CVE-2024-21251 was published Oct 15, 2024
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition... Low Unreviewed
CVE-2024-21208 was published Oct 15, 2024
Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported... Moderate Unreviewed
CVE-2024-21233 was published Oct 15, 2024
Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are... Low Unreviewed
CVE-2024-21210 was published Oct 15, 2024
In the Linux kernel, the following vulnerability has been resolved: icmp: change the order of... Moderate Unreviewed
CVE-2024-47678 was published Oct 21, 2024
Accounts enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera (Firmware... Moderate Unreviewed
CVE-2024-48644 was published Oct 23, 2024
Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent... Moderate Unreviewed
CVE-2024-50382 was published Oct 23, 2024
Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent... Moderate Unreviewed
CVE-2024-50383 was published Oct 23, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database