GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
FileBrowser Quantum has Username Enumeration via Authentication Timing Side-Channel
Moderate
CVE-2026-54685
was published
for
github.com/gtsteffaniak/filebrowser/backend
(Go)
Mar 24, 2026
opentelemetry-collector-contrib's azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay
High
CVE-2026-42602
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension
(Go)
May 6, 2026
Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening
Critical
GHSA-9h64-2846-7x7f
was published
for
github.com/getaxonflow/axonflow
(Go)
May 6, 2026
Traefik: A timing side-channel vulnerability allows for valid username enumeration via BasicAuth middleware
Moderate
CVE-2026-41263
was published
for
github.com/traefik/traefik
(Go)
Apr 24, 2026
Note Mark: Username Enumeration via Login Endpoint Timing Side-Channel
Low
CVE-2026-40263
was published
for
github.com/enchant97/note-mark/backend
(Go)
Apr 13, 2026
Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration
Moderate
CVE-2026-32595
was published
for
github.com/traefik/traefik
(Go)
Mar 20, 2026
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login
Moderate
CVE-2026-23849
was published
for
github.com/filebrowser/filebrowser
(Go)
Jan 21, 2026
Mattermost has an Observable Timing Discrepancy vulnerability
Low
CVE-2025-54499
was published
for
github.com/mattermost/mattermost-server
(Go)
Oct 16, 2025
Dragonfly vulnerable to timing attacks against Proxy’s basic authentication
Moderate
CVE-2025-59350
was published
for
d7y.io/dragonfly/v2
(Go)
Sep 17, 2025
Mattermost vulnerable to Observable Timing Discrepancy
Moderate
CVE-2025-27936
was published
for
github.com/mattermost/mattermost-plugin-msteams
(Go)
Apr 16, 2025
open-telemetry has an Observable Timing Discrepancy
Moderate
CVE-2024-42368
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension
(Go)
Aug 13, 2024
OpenShift OSIN vulnerable to Observable Timing Discrepancy
Moderate
CVE-2021-4294
was published
for
github.com/openshift/osin
(Go)
Dec 28, 2022
Harbor timing attack risk
Moderate
CVE-2023-20902
was published
for
github.com/goharbor/harbor
(Go)
Oct 10, 2023
easy-scrypt Observable Timing Discrepancy vulnerability
Moderate
CVE-2014-125055
was published
for
github.com/agnivade/easy-scrypt
(Go)
Jan 7, 2023
Atlantis Events vulnerable to Timing Attack
High
CVE-2022-24912
was published
for
github.com/runatlantis/atlantis
(Go)
Jul 30, 2022
HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks
Moderate
CVE-2023-25000
was published
for
github.com/hashicorp/vault
(Go)
Mar 30, 2023
Answer has Observable Timing Discrepancy
Moderate
CVE-2023-1538
was published
for
github.com/answerdev/answer
(Go)
Mar 21, 2023
ProTip!
Advisories are also available from the
GraphQL API