GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
40 advisories
Dragonfly vulnerable to timing attacks against Proxy’s basic authentication
Moderate
CVE-2025-59350
was published
for
d7y.io/dragonfly/v2
(Go)
Sep 17, 2025
Timing Attack Vulnerability in SCRAM Authentication
Moderate
CVE-2025-59432
was published
for
com.ongres.scram:scram-common
(Maven)
Sep 16, 2025
httpsig-rs: HMAC verification is vulnerable to timing attack
Moderate
CVE-2025-59058
was published
for
httpsig
(Rust)
Sep 12, 2025
SignXML's signature verification with HMAC is vulnerable to a timing attack
Moderate
CVE-2025-48995
was published
for
signxml
(pip)
Jun 5, 2025
Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations
Moderate
CVE-2025-29780
was published
for
PostQuantum-Feldman-VSS
(pip)
Mar 14, 2025
Security Update for the OPC UA .NET Standard Stack
Moderate
CVE-2024-42512
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
Mar 3, 2025
Gradio performs a non-constant-time comparison when comparing hashes
Moderate
CVE-2024-47869
was published
for
gradio
(pip)
Oct 10, 2024
open-telemetry has an Observable Timing Discrepancy
Moderate
CVE-2024-42368
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension
(Go)
Aug 13, 2024
Observable timing discrepancy allows determining username validity in Jenkins
Moderate
CVE-2022-34174
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
Observable Timing Discrepancy in totp-rs
Moderate
CVE-2022-29185
was published
for
totp-rs
(Rust)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API