Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

112 advisories

Loading
h3 has an observable timing discrepancy in basic auth utils Moderate
CVE-2026-33129 was published for h3 (npm) Mar 18, 2026
simonkoeck Credited to simonkoeck
@perfood/couch-auth has an Observable Timing Discrepancy High
CVE-2025-70949 was published for @perfood/couch-auth (npm) Mar 5, 2026
AWS-LC has Timing Side-Channel in AES-CCM Tag Verification High
GHSA-65p9-r9h6-22vj was published for aws-lc-fips-sys (Rust) Mar 3, 2026
OpenClaw: Unauthorized Telegram Senders Trigger Media Download and Disk Write Before Access Check Moderate
GHSA-h656-5vcf-cm23 was published for openclaw (npm) Mar 3, 2026
v8hid Credited to v8hid
OpenClaw has non-constant-time token comparison in hooks authentication High
CVE-2026-28464 was published for openclaw (npm) Mar 2, 2026
akhmittra Credited to akhmittra
OpenClaw: Config writes could persist resolved ${VAR} secrets to disk Moderate
CVE-2026-28475 was published for openclaw (npm) Mar 2, 2026
Abeyron Credited to Abeyron
OpenFUN Richie Observable Timing Discrepancy in its sync_course_run_from_request function Moderate
CVE-2026-26717 was published for richie (pip) Feb 25, 2026
Hono added timing comparison hardening in basicAuth and bearerAuth Low
GHSA-gq3j-xvxp-8hrf was published for hono (npm) Feb 19, 2026
Exagone313 Credited to Exagone313
Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability Low
CVE-2026-23901 was published for org.apache.shiro:shiro-core (Maven) Feb 10, 2026
PrestaShop affected by time based enumeration in FO login form Moderate
CVE-2026-25597 was published for prestashop/prestashop (Composer) Feb 3, 2026
Django has Observable Timing Discrepancy Low
CVE-2025-13473 was published for Django (pip) Feb 3, 2026
OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication Moderate
CVE-2026-23892 was published for OctoPrint (pip) Jan 27, 2026
yueyueL Credited to yueyueL
Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvide Moderate
CVE-2025-22234 was published for org.springframework.security:spring-security-core (Maven) Jan 22, 2026
FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection Low
CVE-2026-23996 was published for fastapi-api-key (pip) Jan 21, 2026
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login Moderate
CVE-2026-23849 was published for github.com/filebrowser/filebrowser (Go) Jan 21, 2026
GUCHIHACKER Credited to GUCHIHACKER and hacdias hacdias hacdias
NicsTr Credited to NicsTr
Mattermost has an Observable Timing Discrepancy vulnerability Low
CVE-2025-54499 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
Dragonfly vulnerable to timing attacks against Proxy’s basic authentication Moderate
CVE-2025-59350 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi Credited to gaius-qi
Timing Attack Vulnerability in SCRAM Authentication Moderate
CVE-2025-59432 was published for com.ongres.scram:scram-common (Maven) Sep 16, 2025
jorsol Credited to jorsol
httpsig-rs: HMAC verification is vulnerable to timing attack Moderate
CVE-2025-59058 was published for httpsig (Rust) Sep 12, 2025
rasendubi Credited to rasendubi
Liferay Portal exposes ERC which can lead to exploit the time response attack Moderate
CVE-2025-43786 was published for com.liferay:com.liferay.headless.admin.workflow.impl (Maven) Sep 9, 2025
Liferay Portal Username Enumeration Vulnerability Moderate
CVE-2025-43754 was published for com.liferay.portal:release.portal.bom (Maven) Aug 21, 2025
SignXML's signature verification with HMAC is vulnerable to a timing attack Moderate
CVE-2025-48995 was published for signxml (pip) Jun 5, 2025
ahacker1-securesaml Credited to ahacker1-securesaml
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching Low
CVE-2025-46570 was published for vllm (pip) May 28, 2025
russellb Credited to russellb, dr75, and DarkLight1337 dr75 dr75
DarkLight1337 DarkLight1337
Mattermost vulnerable to Observable Timing Discrepancy Moderate
CVE-2025-27936 was published for github.com/mattermost/mattermost-plugin-msteams (Go) Apr 16, 2025
ProTip! Advisories are also available from the GraphQL API