GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
111 advisories
Apache Shiro Affected by an Observable Timing Discrepancy Vulnerability
Low · CVE-2026-23901 was published for org.apache.shiro:shiro-core (Maven) · Feb 10, 2026

PrestaShop affected by time based enumeration in FO login form
Moderate · CVE-2026-25597 was published for prestashop/prestashop (Composer) · Feb 3, 2026

Django has Observable Timing Discrepancy
Low · CVE-2025-13473 was published for Django (pip) · Feb 3, 2026

OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication
Moderate · CVE-2026-23892 was published for OctoPrint (pip) · Jan 27, 2026

Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvide
Moderate · CVE-2025-22234 was published for org.springframework.security:spring-security-core (Maven) · Jan 22, 2026

FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection
Low · CVE-2026-23996 was published for fastapi-api-key (pip) · Jan 21, 2026

File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login
Moderate · CVE-2026-23849 was published for github.com/filebrowser/filebrowser (Go) · Jan 21, 2026

RustCrypto Utilities cmov: `thumbv6m-none-eabi` compiler emits non-constant time assembly when using `cmovnz`
High · CVE-2026-23519 was published for cmov (Rust) · Jan 15, 2026

Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical...
Moderate · Unreviewed · CVE-2025-52457 was published · Nov 18, 2025

Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.
Moderate · Unreviewed · CVE-2025-59438 was published · Oct 21, 2025

Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct...
Moderate · Unreviewed · CVE-2025-54764 was published · Oct 21, 2025

Mattermost has an Observable Timing Discrepancy vulnerability
Low · CVE-2025-54499 was published for github.com/mattermost/mattermost-server (Go) · Oct 16, 2025

Dragonfly vulnerable to timing attacks against Proxy’s basic authentication
Moderate · CVE-2025-59350 was published for d7y.io/dragonfly/v2 (Go) · Sep 17, 2025

Timing Attack Vulnerability in SCRAM Authentication
Moderate · CVE-2025-59432 was published for com.ongres.scram:scram-common (Maven) · Sep 16, 2025

httpsig-rs: HMAC verification is vulnerable to timing attack
Moderate · CVE-2025-59058 was published for httpsig (Rust) · Sep 12, 2025

Liferay Portal exposes ERC which can lead to exploit the time response attack
Moderate · CVE-2025-43786 was published for com.liferay:com.liferay.headless.admin.workflow.impl (Maven) · Sep 9, 2025

Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all...
Moderate · Unreviewed · CVE-2025-7383 was published · Aug 29, 2025

Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions...
Moderate · Unreviewed · CVE-2025-7071 was published · Aug 29, 2025

Liferay Portal Username Enumeration Vulnerability
Moderate · CVE-2025-43754 was published for com.liferay.portal:release.portal.bom (Maven) · Aug 21, 2025

Observable timing discrepancy in firmware for some Intel(R) CSME and Intel(R) SPS may allow a...
Moderate · Unreviewed · CVE-2025-20067 was published · Aug 12, 2025

SignXML's signature verification with HMAC is vulnerable to a timing attack
Moderate · CVE-2025-48995 was published for signxml (pip) · Jun 5, 2025

Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching
Low · CVE-2025-46570 was published for vllm (pip) · May 28, 2025

Mattermost vulnerable to Observable Timing Discrepancy
Moderate · CVE-2025-27936 was published for github.com/mattermost/mattermost-plugin-msteams (Go) · Apr 16, 2025

Execution time for an unsuccessful login differs when using a non-existing username compared to...
Low · Unreviewed · CVE-2024-36469 was published · Apr 2, 2025

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow...
High · Unreviewed · CVE-2024-13939 was published · Mar 28, 2025