GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
29 advisories
Filter by severity
Apache Tomcat - AJP secret compared in non-constant time
Low
CVE-2026-43514
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 12, 2026
Spring Boot DevTools remote secret comparison is vulnerable to timing attacks
High
CVE-2026-40972
was published
for
org.springframework.boot:spring-boot-devtools
(Maven)
Apr 28, 2026
Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider
Low
CVE-2026-22746
was published
for
org.springframework.security:spring-security-core
(Maven)
Apr 22, 2026
Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability
Low
CVE-2026-23901
was published
for
org.apache.shiro:shiro-core
(Maven)
Feb 10, 2026
Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvide
Moderate
CVE-2025-22234
was published
for
org.springframework.security:spring-security-core
(Maven)
Jan 22, 2026
Timing Attack Vulnerability in SCRAM Authentication
Moderate
CVE-2025-59432
was published
for
com.ongres.scram:scram-common
(Maven)
Sep 16, 2025
Liferay Portal exposes ERC which can lead to exploit the time response attack
Moderate
CVE-2025-43786
was published
for
com.liferay:com.liferay.headless.admin.workflow.impl
(Maven)
Sep 9, 2025
Liferay Portal Username Enumeration Vulnerability
Moderate
CVE-2025-43754
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Aug 21, 2025
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing
Moderate
CVE-2024-23953
was published
for
org.apache.hive:hive-llap-common
(Maven)
Jan 28, 2025
Jenkins Gogs Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46657
was published
for
org.jenkins-ci.plugins:gogs-webhook
(Maven)
Oct 25, 2023
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46656
was published
for
igalg.jenkins.plugins:multibranch-scan-webhook-trigger
(Maven)
Oct 25, 2023
Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison
Low
CVE-2023-46658
was published
for
io.jenkins.plugins:teams-webhook-trigger
(Maven)
Oct 25, 2023
Non-constant time webhook token hash comparison in Jenkins Zanata Plugin
Low
CVE-2023-46660
was published
for
org.jenkins-ci.plugins:zanata
(Maven)
Oct 25, 2023
OpenSearch has time discrepancy in authentication responses
Moderate
CVE-2023-25806
was published
for
org.opensearch.plugin:opensearch-security
(Maven)
Mar 7, 2023
Observable timing discrepancy in JOpenId
High
CVE-2010-10006
was published
for
org.expressme:JOpenId
(Maven)
Jan 18, 2023
Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator
High
CVE-2022-3143
was published
for
org.wildfly.security:wildfly-elytron
(Maven)
Jan 13, 2023
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin
Low
CVE-2022-43412
was published
for
org.jenkins-ci.plugins:generic-webhook-trigger
(Maven)
Oct 19, 2022
Non-constant time webhook token comparison in Jenkins GitLab Plugin
Low
CVE-2022-43411
was published
for
org.jenkins-ci.plugins:gitlab-plugin
(Maven)
Oct 19, 2022
Jenkins GitHub plugin uses weak webhook signature function
Low
CVE-2022-36885
was published
for
com.coravy.hudson.plugins.github:github
(Maven)
Jul 28, 2022
Observable timing discrepancy allows determining username validity in Jenkins
Moderate
CVE-2022-34174
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
Non-constant time HMAC comparison
Moderate
CVE-2020-2102
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Non-constant time comparison of inbound TCP agent connection secret
Moderate
CVE-2020-2101
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Apache Hive Information Exposure and Observable Timing Discrepancy
Moderate
CVE-2020-1926
was published
for
org.apache.hive:hive
(Maven)
Feb 9, 2022
Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin
Low
CVE-2022-23106
was published
for
io.jenkins:configuration-as-code
(Maven)
Jan 21, 2022
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18
Moderate
CVE-2021-31404
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
ProTip!
Advisories are also available from the
GraphQL API