GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
Observable Response Discrepancy in Flask-AppBuilder
Moderate
CVE-2021-29621
was published
for
Flask-AppBuilder
(pip)
May 27, 2021
Observable Timing Discrepancy in aaugustin websockets library
Moderate
CVE-2021-33880
was published
for
websockets
(pip)
Jun 11, 2021
Observable Response Discrepancy in Flask-AppBuilder
Moderate
CVE-2022-21659
was published
for
Flask-AppBuilder
(pip)
Feb 1, 2022
Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack)
High
CVE-2014-9720
was published
for
tornado
(pip)
May 17, 2022
wolfCrypt leaks cryptographic information via timing side channel
Moderate
CVE-2019-13628
was published
for
wolfcrypt
(pip)
May 24, 2022
cocagne pysrp vulnerable to side channel leaks
High
CVE-2021-4286
was published
for
srp
(pip)
Dec 27, 2022
vantage6 vulnerable to Observable Response Discrepancy
Moderate
CVE-2022-39228
was published
for
vantage6
(pip)
Feb 28, 2023
Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration
Moderate
CVE-2023-41885
was published
for
piccolo
(pip)
Sep 12, 2023
PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption
High
CVE-2023-52323
was published
for
pycryptodome
(pip)
Jan 5, 2024
Minerva timing attack on P-256 in python-ecdsa
High
CVE-2024-23342
was published
for
ecdsa
(pip)
Jan 22, 2024
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
High
CVE-2023-50782
was published
for
cryptography
(pip)
Feb 5, 2024
Django allows enumeration of user e-mail addresses
Moderate
CVE-2024-45231
was published
for
Django
(pip)
Oct 8, 2024
Gradio performs a non-constant-time comparison when comparing hashes
Moderate
CVE-2024-47869
was published
for
gradio
(pip)
Oct 10, 2024
ProTip!
Advisories are also available from the
GraphQL API