GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
37 advisories
Filter by severity
pay-rails/pay: non-constant-time HMAC comparison in Paddle Billing webhook signature verifier
High
GHSA-mjgf-xj26-9qf9
was published
for
pay
(RubyGems)
Jul 1, 2026
Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks.
These...
High
Unreviewed
CVE-2026-47373
was published
May 20, 2026
In memcached before 1.6.42, password data for SASL password database authentication has a timing...
High
Unreviewed
CVE-2026-47784
was published
May 20, 2026
In memcached before 1.6.42, username data for SASL password database authentication has a timing...
High
Unreviewed
CVE-2026-47783
was published
May 20, 2026
mcp-ssh-tool has file transfer path policy bypass and bearer token comparison hardening
High
GHSA-j7h9-2jh7-g967
was published
for
mcp-ssh-tool
(npm)
May 7, 2026
opentelemetry-collector-contrib's azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay
High
CVE-2026-42602
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension
(Go)
May 6, 2026
Spring Boot DevTools remote secret comparison is vulnerable to timing attacks
High
CVE-2026-40972
was published
for
org.springframework.boot:spring-boot-devtools
(Maven)
Apr 28, 2026
Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks.
For...
High
Unreviewed
CVE-2026-5086
was published
Apr 14, 2026
Doveadm credentials are verified using direct comparison which is susceptible to timing oracle...
High
Unreviewed
CVE-2026-27856
was published
Mar 27, 2026
phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack
High
CVE-2026-32935
was published
for
phpseclib/phpseclib
(Composer)
Mar 19, 2026
@perfood/couch-auth has an Observable Timing Discrepancy
High
CVE-2025-70949
was published
for
@perfood/couch-auth
(npm)
Mar 5, 2026
AWS-LC has Timing Side-Channel in AES-CCM Tag Verification
High
GHSA-65p9-r9h6-22vj
was published
for
aws-lc-fips-sys
(Rust)
Mar 3, 2026
OpenClaw has non-constant-time token comparison in hooks authentication
High
CVE-2026-28464
was published
for
openclaw
(npm)
Mar 2, 2026
In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache...
High
Unreviewed
CVE-2025-48630
was published
Mar 2, 2026
RustCrypto Utilities cmov: `thumbv6m-none-eabi` compiler emits non-constant time assembly when using `cmovnz`
High
CVE-2026-23519
was published
for
cmov
(Rust)
Jan 15, 2026
String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow...
High
Unreviewed
CVE-2024-13939
was published
Mar 28, 2025
Duplicate Advisory: Authorization Bypass in OPC UA .NET Standard Stack
High
GHSA-qv5f-57gw-vx3h
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Feb 10, 2025
•
withdrawn
Observable timing discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1...
High
Unreviewed
CVE-2024-31074
was published
Nov 13, 2024
mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack...
High
Unreviewed
CVE-2024-7010
was published
Oct 29, 2024
basic-auth-connect's callback uses time unsafe string comparison
High
CVE-2024-47178
was published
for
basic-auth-connect
(npm)
Sep 30, 2024
Windows Kerberos Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2024-29995
was published
Aug 13, 2024
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
High
CVE-2023-50782
was published
for
cryptography
(pip)
Feb 5, 2024
Minerva timing attack on P-256 in python-ecdsa
High
CVE-2024-23342
was published
for
ecdsa
(pip)
Jan 22, 2024
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK...
High
Unreviewed
CVE-2023-5981
was published
Nov 28, 2023
generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character
High
CVE-2015-20110
was published
for
generator-jhipster
(npm)
Oct 31, 2023
ProTip!
Advisories are also available from the
GraphQL API