Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

52 advisories

Loading
A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the... High Unreviewed
CVE-2022-22520 was published Sep 15, 2022
A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1,... Moderate Unreviewed
CVE-2022-31248 was published Jun 23, 2022
A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9... Moderate Unreviewed
CVE-2022-41697 was published Dec 22, 2022
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms Moderate
CVE-2022-39314 was published for getkirby/cms (Composer) Oct 18, 2022
florianmrz
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users... High Unreviewed
CVE-2021-34580 was published May 24, 2022
All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to... Moderate Unreviewed
CVE-2022-1989 was published Aug 24, 2022
Observable Response Discrepancy in Lost Password Service Moderate
CVE-2021-39189 was published for pimcore/pimcore (Composer) Sep 20, 2021
vantage6 vulnerable to Observable Response Discrepancy Moderate
CVE-2022-39228 was published for vantage6 (pip) Feb 28, 2023
Answer has Observable Response Discrepancy Moderate
CVE-2023-1540 was published for github.com/answerdev/answer (Go) Mar 21, 2023
A vulnerability has been identified in Mendix Forgot Password (Mendix 7 compatible) (All versions... Moderate Unreviewed
CVE-2023-27464 was published Apr 11, 2023
Kirby CMS vulnerable to user enumeration in the brute force protection Moderate
CVE-2022-39315 was published for getkirby/cms (Composer) Oct 18, 2022
Sulu Observable Response Discrepancy on Admin Login Moderate
CVE-2023-39343 was published for sulu/sulu (Composer) Aug 3, 2023
s23hck
Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration Moderate
CVE-2023-41885 was published for piccolo (pip) Sep 12, 2023
Skelmis
A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate... Moderate Unreviewed
CVE-2022-0564 was published Feb 22, 2022
An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an... Moderate Unreviewed
CVE-2023-23584 was published Dec 19, 2023
Information Disclosure in Password Reset Low
CVE-2020-11063 was published for typo3/cms (Composer) May 13, 2020
NeoBlack
Liferay Portal allows attackers to discover the existence of sites Moderate
CVE-2024-25146 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable... Moderate Unreviewed
CVE-2023-50306 was published Feb 20, 2024
IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to... Moderate Unreviewed
CVE-2023-38362 was published Mar 4, 2024
CasaOS Username Enumeration Moderate
CVE-2024-24766 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) Mar 6, 2024
DrDark1999
A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as... Low Unreviewed
CVE-2024-2482 was published Mar 15, 2024
User enumeration vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier.... Moderate Unreviewed
CVE-2024-1145 was published Mar 19, 2024
CasaOS Username Enumeration - Bypass of CVE-2024-24766 Moderate
CVE-2024-28232 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) Apr 1, 2024
DrDark1999
Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215,... Moderate Unreviewed
CVE-2023-23449 was published May 15, 2023
When supplied with a random MAC address, Snap One OvrC cloud servers will return... Moderate Unreviewed
CVE-2023-28412 was published May 22, 2023
ProTip! Advisories are also available from the GraphQL API