GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Django allows enumeration of user e-mail addresses
Moderate
CVE-2024-45231
was published
for
Django
(pip)
Oct 8, 2024
Mautic allows users enumeration due to weak password login
Moderate
CVE-2024-47059
was published
for
mautic/core
(Composer)
Sep 18, 2024
OpaMiddleware does not filter HTTP OPTIONS requests
Moderate
CVE-2024-40627
was published
for
fastapi-opa
(pip)
Jul 15, 2024
The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames
Moderate
CVE-2024-39912
was published
for
web-auth/webauthn-framework
(Composer)
Jul 15, 2024
CasaOS Username Enumeration - Bypass of CVE-2024-24766
Moderate
CVE-2024-28232
was published
for
github.com/IceWhaleTech/CasaOS-UserService
(Go)
Apr 1, 2024
Umbraco possible user enumeration
Low
CVE-2024-28868
was published
for
UmbracoCMS
(NuGet)
Mar 20, 2024
CasaOS Username Enumeration
Moderate
CVE-2024-24766
was published
for
github.com/IceWhaleTech/CasaOS-UserService
(Go)
Mar 6, 2024
Liferay Portal allows attackers to discover the existence of sites
Moderate
CVE-2024-25146
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 8, 2024
Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration
Moderate
CVE-2023-41885
was published
for
piccolo
(pip)
Sep 12, 2023
Sulu Observable Response Discrepancy on Admin Login
Moderate
CVE-2023-39343
was published
for
sulu/sulu
(Composer)
Aug 3, 2023
Answer has Observable Response Discrepancy
Moderate
CVE-2023-1540
was published
for
github.com/answerdev/answer
(Go)
Mar 21, 2023
vantage6 vulnerable to Observable Response Discrepancy
Moderate
CVE-2022-39228
was published
for
vantage6
(pip)
Feb 28, 2023
Kirby CMS vulnerable to user enumeration in the brute force protection
Moderate
CVE-2022-39315
was published
for
getkirby/cms
(Composer)
Oct 18, 2022
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms
Moderate
CVE-2022-39314
was published
for
getkirby/cms
(Composer)
Oct 18, 2022
Observable Response Discrepancy in Flask-AppBuilder
Moderate
CVE-2022-21659
was published
for
Flask-AppBuilder
(pip)
Feb 1, 2022
Observable Response Discrepancy in Lost Password Service
Moderate
CVE-2021-39189
was published
for
pimcore/pimcore
(Composer)
Sep 20, 2021
Information Disclosure in Password Reset
Low
CVE-2020-11063
was published
for
typo3/cms
(Composer)
May 13, 2020
ProTip!
Advisories are also available from the
GraphQL API