Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms Moderate
CVE-2022-39314 was published for getkirby/cms (Composer) Oct 18, 2022
florianmrz
Observable Response Discrepancy in Lost Password Service Moderate
CVE-2021-39189 was published for pimcore/pimcore (Composer) Sep 20, 2021
vantage6 vulnerable to Observable Response Discrepancy Moderate
CVE-2022-39228 was published for vantage6 (pip) Feb 28, 2023
Answer has Observable Response Discrepancy Moderate
CVE-2023-1540 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Kirby CMS vulnerable to user enumeration in the brute force protection Moderate
CVE-2022-39315 was published for getkirby/cms (Composer) Oct 18, 2022
Sulu Observable Response Discrepancy on Admin Login Moderate
CVE-2023-39343 was published for sulu/sulu (Composer) Aug 3, 2023
s23hck
Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration Moderate
CVE-2023-41885 was published for piccolo (pip) Sep 12, 2023
Skelmis
Liferay Portal allows attackers to discover the existence of sites Moderate
CVE-2024-25146 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
CasaOS Username Enumeration Moderate
CVE-2024-24766 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) Mar 6, 2024
DrDark1999
CasaOS Username Enumeration - Bypass of CVE-2024-24766 Moderate
CVE-2024-28232 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) Apr 1, 2024
DrDark1999
The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames Moderate
CVE-2024-39912 was published for web-auth/webauthn-framework (Composer) Jul 15, 2024
marcriemer
OpaMiddleware does not filter HTTP OPTIONS requests Moderate
CVE-2024-40627 was published for fastapi-opa (pip) Jul 15, 2024
miceg
Mautic allows users enumeration due to weak password login Moderate
CVE-2024-47059 was published for mautic/core (Composer) Sep 18, 2024
tomekkowalczyk patrykgruszka
escopecz rafibz007
ProTip! Advisories are also available from the GraphQL API