GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
                  
            102 advisories
                    
Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.
Moderate | Unreviewed | CVE-2025-59438 was published Oct 21, 2025
                    
Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct...
Moderate | Unreviewed | CVE-2025-54764 was published Oct 21, 2025
                    
Mattermost has an Observable Timing Discrepancy vulnerability
Low | CVE-2025-54499 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
                    
Dragonfly vulnerable to timing attacks against Proxy’s basic authentication
Moderate | CVE-2025-59350 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
                    
Timing Attack Vulnerability in SCRAM Authentication
Moderate | CVE-2025-59432 was published for com.ongres.scram:scram-common (Maven) Sep 16, 2025
                    
httpsig-rs: HMAC verification is vulnerable to timing attack
Moderate | CVE-2025-59058 was published for httpsig (Rust) Sep 12, 2025
                    
Liferay Portal exposes ERC which can lead to exploit the time response attack
Moderate | CVE-2025-43786 was published for com.liferay:com.liferay.headless.admin.workflow.impl (Maven) Sep 9, 2025
                    
Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all...
Moderate | Unreviewed | CVE-2025-7383 was published Aug 29, 2025
                    
Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions...
Moderate | Unreviewed | CVE-2025-7071 was published Aug 29, 2025
                    
Liferay Portal Username Enumeration Vulnerability
Moderate | CVE-2025-43754 was published for com.liferay.portal:release.portal.bom (Maven) Aug 21, 2025
                    
Observable timing discrepancy in firmware for some Intel(R) CSME and Intel(R) SPS may allow a...
Moderate | Unreviewed | CVE-2025-20067 was published Aug 12, 2025
                    
SignXML's signature verification with HMAC is vulnerable to a timing attack
Moderate | CVE-2025-48995 was published for signxml (pip) Jun 5, 2025
                    
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching
Low | CVE-2025-46570 was published for vllm (pip) May 28, 2025
                    
Mattermost vulnerable to Observable Timing Discrepancy
Moderate | CVE-2025-27936 was published for github.com/mattermost/mattermost-plugin-msteams (Go) Apr 16, 2025
                    
Execution time for an unsuccessful login differs when using a non-existing username compared to...
Low | Unreviewed | CVE-2024-36469 was published Apr 2, 2025
                    
String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow...
High | Unreviewed | CVE-2024-13939 was published Mar 28, 2025
                    
An issue was discovered in OpenSlides before 4.2.5. During login at the /system/auth/login/...
Moderate | Unreviewed | CVE-2025-30344 was published Mar 21, 2025
                    
Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations
Moderate | CVE-2025-29780 was published for PostQuantum-Feldman-VSS (pip) Mar 14, 2025
                    
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow a remote attacker to...
Moderate | Unreviewed | CVE-2024-22340 was published Mar 11, 2025
                    
Security Update for the OPC UA .NET Standard Stack
Moderate | CVE-2024-42512 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) Mar 3, 2025
                    
An issue was discovered in the Winbox service of MikroTik RouterOS v6.43 through v7.16.1. A...
Moderate | Unreviewed | CVE-2024-54772 was published Feb 12, 2025
                    
Duplicate Advisory: Authorization Bypass in OPC UA .NET Standard Stack
High | GHSA-qv5f-57gw-vx3h was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Feb 10, 2025 • withdrawn
                    
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing
Moderate | CVE-2024-23953 was published for org.apache.hive:hive-llap-common (Maven) Jan 28, 2025
                    
GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp...
Moderate | Unreviewed | CVE-2024-56738 was published Dec 29, 2024
                    
Observable timing discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1...
High | Unreviewed | CVE-2024-31074 was published Nov 13, 2024
        