Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,904
Maven
5,000+
npm
3,635
NuGet
638
pip
3,253
Pub
10
RubyGems
867
Rust
819
Swift
35
Unreviewed advisories
All unreviewed
5,000+

10 advisories

Loading
devise Time-of-check Time-of-use Race Condition vulnerability Moderate
CVE-2019-5421 was published for devise (RubyGems) Mar 19, 2019
Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins Moderate
CVE-2021-21615 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Insufficient Session Expiration and TOCTOU Race Condition in OPC FOundation UA .Net Standard Moderate
CVE-2020-8867 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Aug 2, 2021
TOCTOU Race Condition in Yarn Moderate
CVE-2019-15608 was published for yarn (npm) Feb 9, 2022
Gradio apps vulnerable to timing attacks to guess password Moderate
CVE-2024-1729 was published for gradio (pip) Feb 22, 2024
OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack Moderate
CVE-2024-28718 was published for magnum (pip) Apr 12, 2024
Podman Time-of-check Time-of-use (TOCTOU) Race Condition Moderate
CVE-2023-0778 was published for github.com/containers/podman/v4 (Go) Mar 27, 2023
Apache StreamPipes potentially allows creation of multiple identical accounts Moderate
CVE-2024-30471 was published for org.apache.streampipes:streampipes-parent (Maven) Jul 17, 2024
b2-sdk-python TOCTOU application key disclosure Moderate
CVE-2022-23651 was published for b2sdk (pip) Feb 24, 2022
janschejbal
B2 Command Line Tool TOCTOU application key disclosure Moderate
CVE-2022-23653 was published for b2 (pip) Feb 24, 2022
janschejbal
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database