Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

494 advisories

Loading
Prevent user enumeration using Guard or the new Authenticator-based Security Moderate
CVE-2021-21424 was published for lexik/jwt-authentication-bundle (Composer) May 13, 2021
jamesisaac mbrodala
chalasr
Observable Differences in Behavior to Error Inputs in Bouncy Castle Moderate
CVE-2020-26939 was published for org.bouncycastle:bc-fips (Maven) Apr 22, 2021
ebickle
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime Moderate
CVE-2021-29446 was published for jose-node-cjs-runtime (npm) Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime Moderate
CVE-2021-29445 was published for jose-node-esm-runtime (npm) Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime Moderate
CVE-2021-29444 was published for jose-browser-runtime (npm) Apr 19, 2021
Padding Oracle Attack due to Observable Timing Discrepancy in jose Moderate
CVE-2021-29443 was published for jose (npm) Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 Moderate
CVE-2021-31404 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8 Moderate
CVE-2021-31403 was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 Moderate
CVE-2021-31406 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
/user/sessions endpoint allows detecting valid accounts High
GHSA-gmrf-99gw-vvwj was published for ezsystems/ezpublish-kernel (Composer) Mar 11, 2021
/user/sessions endpoint allows detecting valid accounts High
GHSA-7vwg-39h8-8qp8 was published for ezsystems/ezplatform-rest (Composer) Mar 11, 2021
Possible timing attack in derivation_endpoint Moderate
CVE-2020-15237 was published for shrine (RubyGems) Oct 5, 2020
esparta
Observable Timing Discrepancy in OpenMage LTS High
CVE-2020-15151 was published for openmage/magento-lts (Composer) Aug 19, 2020
Flyingmana theroch
Possible Information Leak / Session Hijack Vulnerability in Rack Moderate
CVE-2019-16782 was published for rack (RubyGems) Dec 18, 2019
will
User enumeration leak using switch user functionality in Symfony Moderate
CVE-2019-18886 was published for symfony/security-http (Composer) Dec 2, 2019
Timing attacks might allow practical recovery of the long-term private key High
CVE-2019-10764 was published for simplito/elliptic-php (Composer) Nov 20, 2019
Timing attack on HMAC signature comparison in Apache Tapestry Critical
CVE-2019-10071 was published for org.apache.tapestry:tapestry-core (Maven) Sep 26, 2019
Jetty vulnerable to exposure of sensitive information due to observable discrepancy High
CVE-2017-9735 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
westonsteimel
rack-protection gem timing attack vulnerability when validating CSRF token Moderate
CVE-2018-1000119 was published for rack-protection (RubyGems) Mar 7, 2018
ProTip! Advisories are also available from the GraphQL API