GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
71 advisories
Dragonfly vulnerable to timing attacks against Proxy’s basic authentication
Moderate
CVE-2025-59350
was published
for
d7y.io/dragonfly/v2
(Go)
Sep 17, 2025
Timing Attack Vulnerability in SCRAM Authentication
Moderate
CVE-2025-59432
was published
for
com.ongres.scram:scram-common
(Maven)
Sep 16, 2025
httpsig-rs: HMAC verification is vulnerable to timing attack
Moderate
CVE-2025-59058
was published
for
httpsig
(Rust)
Sep 12, 2025
SignXML's signature verification with HMAC is vulnerable to a timing attack
Moderate
CVE-2025-48995
was published
for
signxml
(pip)
Jun 5, 2025
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching
Low
CVE-2025-46570
was published
for
vllm
(pip)
May 28, 2025
Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations
Moderate
CVE-2025-29780
was published
for
PostQuantum-Feldman-VSS
(pip)
Mar 14, 2025
Security Update for the OPC UA .NET Standard Stack
Moderate
CVE-2024-42512
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
Mar 3, 2025
Gradio performs a non-constant-time comparison when comparing hashes
Moderate
CVE-2024-47869
was published
for
gradio
(pip)
Oct 10, 2024
basic-auth-connect's callback uses time unsafe string comparison
High
CVE-2024-47178
was published
for
basic-auth-connect
(npm)
Sep 30, 2024
Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication
Low
CVE-2024-45052
was published
for
ethyca-fides
(pip)
Sep 4, 2024
open-telemetry has an Observable Timing Discrepancy
Moderate
CVE-2024-42368
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension
(Go)
Aug 13, 2024
Minerva timing attack on P-256 in python-ecdsa
High
CVE-2024-23342
was published
for
ecdsa
(pip)
Jan 22, 2024
ProTip!
Advisories are also available from the
GraphQL API