Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

299 advisories

Loading
In Kaden PICOFLUX Air in all known versions an information exposure through observable... Moderate Unreviewed
CVE-2021-34576 was published May 24, 2022
NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized... Moderate Unreviewed
CVE-2021-1109 was published May 24, 2022
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information... Moderate Unreviewed
CVE-2021-35477 was published May 24, 2022
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information... Moderate Unreviewed
CVE-2021-34556 was published May 24, 2022
An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular... Moderate Unreviewed
CVE-2020-36421 was published May 24, 2022
An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for... Moderate Unreviewed
CVE-2020-36424 was published May 24, 2022
An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC... Moderate Unreviewed
CVE-2020-36422 was published May 24, 2022
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system... Moderate Unreviewed
CVE-2021-24116 was published May 24, 2022
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding... Moderate Unreviewed
CVE-2021-24119 was published May 24, 2022
In Rust SGX 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level ... Moderate Unreviewed
CVE-2021-24117 was published May 24, 2022
Observable behavioral discrepancy vulnerability in QSAN Storage Manager allows remote attackers... Moderate Unreviewed
CVE-2021-32528 was published May 24, 2022
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g.,... Moderate Unreviewed
CVE-2021-33624 was published May 24, 2022
Potential floating point value injection in all supported CPU products, in conjunction with... Moderate Unreviewed
CVE-2021-26314 was published May 24, 2022
Potential speculative code store bypass in all supported CPU products, in conjunction with... Moderate Unreviewed
CVE-2021-26313 was published May 24, 2022
Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized... Moderate Unreviewed
CVE-2021-0001 was published May 24, 2022
Observable response discrepancy in some Intel(R) Processors may allow an authorized user to... Moderate Unreviewed
CVE-2021-0089 was published May 24, 2022
Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11... Moderate Unreviewed
CVE-2021-0086 was published May 24, 2022
Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper protection against... Moderate Unreviewed
CVE-2020-27211 was published May 24, 2022
IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a... Moderate Unreviewed
CVE-2021-29687 was published May 24, 2022
An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR... Moderate Unreviewed
CVE-2021-27342 was published May 24, 2022
A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker... Moderate Unreviewed
CVE-2021-1486 was published May 24, 2022
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal... Moderate Unreviewed
CVE-2021-31866 was published May 24, 2022
When binding against a DN during authentication, the reply from 389-ds-base will be different... Moderate Unreviewed
CVE-2020-35518 was published May 24, 2022
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs... Moderate Unreviewed
CVE-2020-27170 was published May 24, 2022
Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a... Moderate Unreviewed
CVE-2021-21181 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database