GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
53 advisories
Filter by severity
A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses...
Low
Unreviewed
CVE-2026-15041
was published
Jul 8, 2026
CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constant time...
Low
Unreviewed
CVE-2026-13758
was published
Jun 29, 2026
In memcached before 1.6.42, username data for SASL password database authentication has a timing...
High
Unreviewed
CVE-2026-47783
was published
May 20, 2026
Doveadm credentials are verified using direct comparison which is susceptible to timing oracle...
High
Unreviewed
CVE-2026-27856
was published
Mar 27, 2026
A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not...
Low
Unreviewed
CVE-2026-5419
was published
Jun 1, 2026
Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When decrypting PKCS#7 EnvelopedData...
Moderate
Unreviewed
CVE-2026-6291
was published
Jun 25, 2026
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute...
Low
Unreviewed
CVE-2023-20540
was published
Jun 26, 2026
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute...
Moderate
Unreviewed
CVE-2023-20572
was published
Jun 26, 2026
Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb...
Moderate
Unreviewed
CVE-2026-54411
was published
Jun 14, 2026
Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks.
These versions...
Moderate
Unreviewed
CVE-2017-20240
was published
Jun 12, 2026
Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing...
Unknown
Unreviewed
CVE-2026-5091
was published
May 22, 2026
Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks.
These...
High
Unreviewed
CVE-2026-47373
was published
May 20, 2026
Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which...
Moderate
Unreviewed
CVE-2026-44061
was published
May 21, 2026
In memcached before 1.6.42, password data for SASL password database authentication has a timing...
High
Unreviewed
CVE-2026-47784
was published
May 20, 2026
A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user...
Moderate
Unreviewed
CVE-2026-21713
was published
Mar 30, 2026
A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest...
Moderate
Unreviewed
CVE-2026-33006
was published
May 4, 2026
Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks.
For...
High
Unreviewed
CVE-2026-5086
was published
Apr 14, 2026
Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy...
Moderate
Unreviewed
CVE-2021-21575
was published
Feb 2, 2024
The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM,...
Moderate
Unreviewed
CVE-2022-25332
was published
Oct 19, 2023
In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache...
High
Unreviewed
CVE-2025-48630
was published
Mar 2, 2026
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be...
Moderate
Unreviewed
CVE-2024-2467
was published
Apr 25, 2024
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may...
Moderate
Unreviewed
CVE-2024-2236
was published
Mar 7, 2024
A timing-based side-channel exists in the rust-openssl package, which could be sufficient to...
Moderate
Unreviewed
CVE-2024-3296
was published
Apr 4, 2024
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK...
High
Unreviewed
CVE-2023-5981
was published
Nov 28, 2023
Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical...
Moderate
Unreviewed
CVE-2025-52457
was published
Nov 18, 2025
ProTip!
Advisories are also available from the
GraphQL API