GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
21 advisories
Filter by severity
PHPECC vulnerable to multiple cryptographic side-channel attacks
Critical
GHSA-346h-749j-r28w
was published
for
mdanter/ecc
(Composer)
Apr 25, 2024
Pagekit User enumeration
Moderate
CVE-2019-16669
was published
for
pagekit/pagekit
(Composer)
May 24, 2022
phpMyAdmin Unsafe comparison of XSRF/CSRF token
High
CVE-2016-2041
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
Prevent user enumeration using Guard or the new Authenticator-based Security
Moderate
CVE-2021-21424
was published
for
lexik/jwt-authentication-bundle
(Composer)
May 13, 2021
Symfony Http-Kernel has non-constant time comparison in UriSigner
High
CVE-2019-18887
was published
for
symfony/http-kernel
(Composer)
Mar 26, 2022
Magento Signature verification bypass
High
CVE-2020-9588
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento observable timing discrepancy vulnerability
Moderate
CVE-2020-9690
was published
for
magento/community-edition
(Composer)
May 24, 2022
yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation
Low
CVE-2023-50708
was published
for
yiisoft/yii2-authclient
(Composer)
Dec 18, 2023
Economizzer user enumeration vulnerability
Moderate
CVE-2023-38871
was published
for
gugoan/economizzer
(Composer)
Sep 28, 2023
Barzahlen Payment Module PHP SDK vulnerable to Observable Timing Discrepancy
Moderate
CVE-2016-15015
was published
for
barzahlen/barzahlen-php
(Composer)
Jan 8, 2023
Exposure of Sensitive Information in snipe/snipe-it
Moderate
CVE-2022-0569
was published
for
snipe/snipe-it
(Composer)
Feb 15, 2022
Discoverability of user password hash in Statamic CMS
Low
CVE-2022-24784
was published
for
statamic/cms
(Composer)
Mar 29, 2022
Snipe-IT allows attackers to check whether a user account exists
Moderate
CVE-2022-44381
was published
for
snipe/snipe-it
(Composer)
Dec 25, 2022
Pterodactyl vulnerable to 2FA Sniffing
High
CVE-2019-1020002
was published
for
pterodactyl/panel
(Composer)
May 24, 2022
Observable Response Discrepancy in Lost Password Service
Moderate
CVE-2021-39189
was published
for
pimcore/pimcore
(Composer)
Sep 20, 2021
Observable Timing Discrepancy in OpenMage LTS
High
CVE-2020-15151
was published
for
openmage/magento-lts
(Composer)
Aug 19, 2020
User enumeration leak using switch user functionality in Symfony
Moderate
CVE-2019-18886
was published
for
symfony/security-http
(Composer)
Dec 2, 2019
TYPO3 CMS vulnerable to User Enumeration via Response Timing
Moderate
CVE-2022-36105
was published
for
typo3/cms
(Composer)
Sep 16, 2022
/user/sessions endpoint allows detecting valid accounts
High
GHSA-gmrf-99gw-vvwj
was published
for
ezsystems/ezpublish-kernel
(Composer)
Mar 11, 2021
/user/sessions endpoint allows detecting valid accounts
High
GHSA-7vwg-39h8-8qp8
was published
for
ezsystems/ezplatform-rest
(Composer)
Mar 11, 2021
Timing attacks might allow practical recovery of the long-term private key
High
CVE-2019-10764
was published
for
simplito/elliptic-php
(Composer)
Nov 20, 2019
ProTip!
Advisories are also available from the
GraphQL API