GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,297
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
112 advisories
Filter by severity
h3 has an observable timing discrepancy in basic auth utils
Moderate
CVE-2026-33129
was published
for
h3
(npm)
Mar 18, 2026
@perfood/couch-auth has an Observable Timing Discrepancy
High
CVE-2025-70949
was published
for
@perfood/couch-auth
(npm)
Mar 5, 2026
AWS-LC has Timing Side-Channel in AES-CCM Tag Verification
High
GHSA-65p9-r9h6-22vj
was published
for
aws-lc-fips-sys
(Rust)
Mar 3, 2026
OpenClaw: Unauthorized Telegram Senders Trigger Media Download and Disk Write Before Access Check
Moderate
GHSA-h656-5vcf-cm23
was published
for
openclaw
(npm)
Mar 3, 2026
OpenClaw has non-constant-time token comparison in hooks authentication
High
CVE-2026-28464
was published
for
openclaw
(npm)
Mar 2, 2026
OpenClaw: Config writes could persist resolved ${VAR} secrets to disk
Moderate
CVE-2026-28475
was published
for
openclaw
(npm)
Mar 2, 2026
OpenFUN Richie Observable Timing Discrepancy in its sync_course_run_from_request function
Moderate
CVE-2026-26717
was published
for
richie
(pip)
Feb 25, 2026
Hono added timing comparison hardening in basicAuth and bearerAuth
Low
GHSA-gq3j-xvxp-8hrf
was published
for
hono
(npm)
Feb 19, 2026
Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability
Low
CVE-2026-23901
was published
for
org.apache.shiro:shiro-core
(Maven)
Feb 10, 2026
PrestaShop affected by time based enumeration in FO login form
Moderate
CVE-2026-25597
was published
for
prestashop/prestashop
(Composer)
Feb 3, 2026
Django has Observable Timing Discrepancy
Low
CVE-2025-13473
was published
for
Django
(pip)
Feb 3, 2026
OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication
Moderate
CVE-2026-23892
was published
for
OctoPrint
(pip)
Jan 27, 2026
Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvide
Moderate
CVE-2025-22234
was published
for
org.springframework.security:spring-security-core
(Maven)
Jan 22, 2026
FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection
Low
CVE-2026-23996
was published
for
fastapi-api-key
(pip)
Jan 21, 2026
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login
Moderate
CVE-2026-23849
was published
for
github.com/filebrowser/filebrowser
(Go)
Jan 21, 2026
RustCrypto Utilities cmov: `thumbv6m-none-eabi` compiler emits non-constant time assembly when using `cmovnz`
High
CVE-2026-23519
was published
for
cmov
(Rust)
Jan 15, 2026
Mattermost has an Observable Timing Discrepancy vulnerability
Low
CVE-2025-54499
was published
for
github.com/mattermost/mattermost-server
(Go)
Oct 16, 2025
Dragonfly vulnerable to timing attacks against Proxy’s basic authentication
Moderate
CVE-2025-59350
was published
for
d7y.io/dragonfly/v2
(Go)
Sep 17, 2025
Timing Attack Vulnerability in SCRAM Authentication
Moderate
CVE-2025-59432
was published
for
com.ongres.scram:scram-common
(Maven)
Sep 16, 2025
httpsig-rs: HMAC verification is vulnerable to timing attack
Moderate
CVE-2025-59058
was published
for
httpsig
(Rust)
Sep 12, 2025
Liferay Portal exposes ERC which can lead to exploit the time response attack
Moderate
CVE-2025-43786
was published
for
com.liferay:com.liferay.headless.admin.workflow.impl
(Maven)
Sep 9, 2025
Liferay Portal Username Enumeration Vulnerability
Moderate
CVE-2025-43754
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Aug 21, 2025
SignXML's signature verification with HMAC is vulnerable to a timing attack
Moderate
CVE-2025-48995
was published
for
signxml
(pip)
Jun 5, 2025
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching
Low
CVE-2025-46570
was published
for
vllm
(pip)
May 28, 2025
Mattermost vulnerable to Observable Timing Discrepancy
Moderate
CVE-2025-27936
was published
for
github.com/mattermost/mattermost-plugin-msteams
(Go)
Apr 16, 2025
ProTip!
Advisories are also available from the
GraphQL API