Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,876
Erlang
37
GitHub Actions
37
Go
2,526
Maven
5,000+
npm
4,189
NuGet
742
pip
3,968
Pub
12
RubyGems
947
Rust
1,030
Swift
39
Unreviewed advisories
All unreviewed
5,000+

29 advisories

Loading
Timing Attack Vulnerability in SCRAM Authentication Moderate
CVE-2025-59432 was published for com.ongres.scram:scram-common (Maven) Sep 16, 2025
jorsol
In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding... Moderate Unreviewed
CVE-2025-49087 was published Jul 20, 2025
In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable... Moderate Unreviewed
CVE-2025-7396 was published Jul 19, 2025
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack,... Moderate Unreviewed
CVE-2025-27587 was published Jun 17, 2025
Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations Moderate
CVE-2025-29780 was published for PostQuantum-Feldman-VSS (pip) Mar 14, 2025
DavidOsipov
Issue summary: A timing side-channel which could potentially allow recovering the private key... Moderate Unreviewed
CVE-2024-13176 was published Jan 20, 2025
A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This... High Unreviewed
CVE-2025-0306 was published Jan 9, 2025
Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications Moderate
CVE-2024-11862 was published for Devolutions.XTS.NET (NuGet) Nov 27, 2024
zer0x64 pdugre
Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked... High Unreviewed
CVE-2023-46809 was published Sep 7, 2024
An issue was discovered in Matrix libolm (aka Olm) through 3.2.16. Cache-timing attacks can occur... High Unreviewed
CVE-2024-45192 was published Aug 22, 2024
Observable Timing Discrepancy in pypqc High
GHSA-hvh4-5qr6-3v7r was published for pypqc (pip) Jun 5, 2024
James-E-A
iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication,... Moderate Unreviewed
CVE-2024-26306 was published May 14, 2024
Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA)... Low Unreviewed
CVE-2023-33855 was published Mar 26, 2024
Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A... Moderate Unreviewed
CVE-2024-25964 was published Mar 25, 2024
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing... Moderate Unreviewed
CVE-2024-23170 was published Jan 31, 2024
Minerva timing attack on P-256 in python-ecdsa High
CVE-2024-23342 was published for ecdsa (pip) Jan 22, 2024
tomato42 levpachmanov
Marvin Attack: potential key recovery through timing sidechannels Moderate
CVE-2023-49092 was published for rsa (Rust) Nov 28, 2023
tomato42 lukas-braune
Marvin Attack: potential key recovery through timing sidechannels Moderate
GHSA-4grx-2x9w-596c was published for rsa (Rust) Nov 28, 2023
lukas-braune
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite,... Critical Unreviewed
CVE-2020-35166 was published Jul 12, 2022
A flaw was found in all released versions of m2crypto, where they are vulnerable to... Moderate Unreviewed
CVE-2020-25657 was published May 24, 2022
The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can... Moderate Unreviewed
CVE-2020-14341 was published May 24, 2022
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user... Moderate Unreviewed
CVE-2016-7056 was published May 13, 2022
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT... High Unreviewed
CVE-2017-2624 was published May 13, 2022
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen... Moderate Unreviewed
CVE-2018-10844 was published May 13, 2022
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM... Moderate Unreviewed
CVE-2018-10846 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database