Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,218
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

15 advisories

Loading
Django allows enumeration of user e-mail addresses Moderate
CVE-2024-45231 was published for Django (pip) Oct 8, 2024
Mautic allows users enumeration due to weak password login Moderate
CVE-2024-47059 was published for mautic/core (Composer) Sep 18, 2024
tomekkowalczyk patrykgruszka
escopecz rafibz007
OpaMiddleware does not filter HTTP OPTIONS requests Moderate
CVE-2024-40627 was published for fastapi-opa (pip) Jul 15, 2024
miceg
The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames Moderate
CVE-2024-39912 was published for web-auth/webauthn-framework (Composer) Jul 15, 2024
marcriemer
CasaOS Username Enumeration - Bypass of CVE-2024-24766 Moderate
CVE-2024-28232 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) Apr 1, 2024
DrDark1999
CasaOS Username Enumeration Moderate
CVE-2024-24766 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) Mar 6, 2024
DrDark1999
Liferay Portal allows attackers to discover the existence of sites Moderate
CVE-2024-25146 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration Moderate
CVE-2023-41885 was published for piccolo (pip) Sep 12, 2023
Skelmis
Sulu Observable Response Discrepancy on Admin Login Moderate
CVE-2023-39343 was published for sulu/sulu (Composer) Aug 3, 2023
s23hck
Answer has Observable Response Discrepancy Moderate
CVE-2023-1540 was published for github.com/answerdev/answer (Go) Mar 21, 2023
vantage6 vulnerable to Observable Response Discrepancy Moderate
CVE-2022-39228 was published for vantage6 (pip) Feb 28, 2023
Kirby CMS vulnerable to user enumeration in the brute force protection Moderate
CVE-2022-39315 was published for getkirby/cms (Composer) Oct 18, 2022
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms Moderate
CVE-2022-39314 was published for getkirby/cms (Composer) Oct 18, 2022
florianmrz
Observable Response Discrepancy in Flask-AppBuilder Moderate
CVE-2022-21659 was published for Flask-AppBuilder (pip) Feb 1, 2022
SamWheating
Observable Response Discrepancy in Lost Password Service Moderate
CVE-2021-39189 was published for pimcore/pimcore (Composer) Sep 20, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database