GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
372 advisories
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Moderate
CVE-2023-48795
was published
for
golang.org/x/crypto
(Go)
Dec 18, 2023
AsyncSSH vulnerable to Prefix Truncation Attack (a.k.a. Terrapin Attack) against ChaCha20-Poly1305 and Encrypt-then-MAC
Moderate
GHSA-hfmc-7525-mj55
was published
for
asyncssh
(pip)
Dec 18, 2023
ASAR Integrity bypass via filetype confusion in electron
Moderate
CVE-2023-44402
was published
for
electron
(npm)
Dec 1, 2023
json-web-token library is vulnerable to a JWT algorithm confusion attack
High
CVE-2023-48238
was published
for
json-web-token
(npm)
Nov 17, 2023
Attacker can cause Kyverno user to unintentionally consume insecure image
High
CVE-2023-47630
was published
for
github.com/kyverno/kyverno
(Go)
Nov 14, 2023
AsyncSSH Rogue Extension Negotiation
Moderate
CVE-2023-46445
was published
for
asyncssh
(pip)
Nov 9, 2023
Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability
High
CVE-2023-43800
was published
for
github.com/arduino/arduino-create-agent
(Go)
Oct 18, 2023
ProTip!
Advisories are also available from the
GraphQL API