GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
Observable Response Discrepancy in Lost Password Service
Moderate
CVE-2021-39189
was published
for
pimcore/pimcore
(Composer)
Sep 20, 2021
Observable Response Discrepancy in Flask-AppBuilder
Moderate
CVE-2022-21659
was published
for
Flask-AppBuilder
(pip)
Feb 1, 2022
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms
Moderate
CVE-2022-39314
was published
for
getkirby/cms
(Composer)
Oct 18, 2022
Kirby CMS vulnerable to user enumeration in the brute force protection
Moderate
CVE-2022-39315
was published
for
getkirby/cms
(Composer)
Oct 18, 2022
vantage6 vulnerable to Observable Response Discrepancy
Moderate
CVE-2022-39228
was published
for
vantage6
(pip)
Feb 28, 2023
Answer has Observable Response Discrepancy
Moderate
CVE-2023-1540
was published
for
github.com/answerdev/answer
(Go)
Mar 21, 2023
Sulu Observable Response Discrepancy on Admin Login
Moderate
CVE-2023-39343
was published
for
sulu/sulu
(Composer)
Aug 3, 2023
Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration
Moderate
CVE-2023-41885
was published
for
piccolo
(pip)
Sep 12, 2023
Liferay Portal allows attackers to discover the existence of sites
Moderate
CVE-2024-25146
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 8, 2024
CasaOS Username Enumeration
Moderate
CVE-2024-24766
was published
for
github.com/IceWhaleTech/CasaOS-UserService
(Go)
Mar 6, 2024
CasaOS Username Enumeration - Bypass of CVE-2024-24766
Moderate
CVE-2024-28232
was published
for
github.com/IceWhaleTech/CasaOS-UserService
(Go)
Apr 1, 2024
The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames
Moderate
CVE-2024-39912
was published
for
web-auth/webauthn-framework
(Composer)
Jul 15, 2024
OpaMiddleware does not filter HTTP OPTIONS requests
Moderate
CVE-2024-40627
was published
for
fastapi-opa
(pip)
Jul 15, 2024
Mautic allows users enumeration due to weak password login
Moderate
CVE-2024-47059
was published
for
mautic/core
(Composer)
Sep 18, 2024
Django allows enumeration of user e-mail addresses
Moderate
CVE-2024-45231
was published
for
Django
(pip)
Oct 8, 2024
ProTip!
Advisories are also available from the
GraphQL API