Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,409
Erlang
33
GitHub Actions
22
Go
2,144
Maven
5,000+
npm
3,808
NuGet
687
pip
3,481
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

68 advisories

Loading
IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable... Moderate Unreviewed
CVE-2023-50306 was published Feb 20, 2024
Umbraco possible user enumeration Low
CVE-2024-28868 was published for UmbracoCMS (NuGet) Mar 20, 2024
poan21
A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or... Moderate Unreviewed
CVE-2025-1101 was published Feb 12, 2025
Pimcore Admin Classic Bundle allows user enumeration Moderate
CVE-2025-24980 was published for pimcore/admin-ui-classic-bundle (Composer) Feb 7, 2025
Ayman-Rayan
SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that... Moderate Unreviewed
CVE-2025-23193 was published Feb 11, 2025
An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through... Moderate Unreviewed
CVE-2024-36510 was published Jan 14, 2025
IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an... Moderate Unreviewed
CVE-2023-37413 was published Jan 29, 2025
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an... Moderate Unreviewed
CVE-2023-47159 was published Jan 27, 2025
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due... Moderate Unreviewed
CVE-2024-35114 was published Jan 25, 2025
Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force... Moderate Unreviewed
CVE-2025-0693 was published Jan 24, 2025
HCL MyXalytics is affected by username enumeration vulnerability. This allows a malicious user... Low Unreviewed
CVE-2024-42174 was published Jan 11, 2025
IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to... Moderate Unreviewed
CVE-2023-27283 was published May 4, 2024
IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to... Moderate Unreviewed
CVE-2023-38362 was published Mar 4, 2024
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames... Moderate Unreviewed
CVE-2021-20556 was published May 3, 2024
Information Disclosure in Password Reset Low
CVE-2020-11063 was published for typo3/cms (Composer) May 13, 2020
NeoBlack ohader
vantage6 vulnerable to Observable Response Discrepancy Moderate
CVE-2022-39228 was published for vantage6 (pip) Feb 28, 2023
A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. It has been rated as... Moderate Unreviewed
CVE-2024-6056 was published Jun 17, 2024
A vulnerability in the web-based management interface of Cisco ECE could allow an... Moderate Unreviewed
CVE-2022-20633 was published Nov 15, 2024
Observable Response Discrepancy vulnerability in HumHub GmbH & Co. KG - HumHub on Linux allows:... Moderate Unreviewed
CVE-2024-52043 was published Nov 6, 2024
Django allows enumeration of user e-mail addresses Moderate
CVE-2024-45231 was published for Django (pip) Oct 8, 2024
The goTenna Pro ATAK Plugin has a payload length vulnerability that makes it possible to tell... Moderate Unreviewed
CVE-2024-41715 was published Sep 26, 2024
The goTenna Pro has a payload length vulnerability that makes it possible to tell the length of... Moderate Unreviewed
CVE-2024-47129 was published Sep 26, 2024
IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an... Moderate Unreviewed
CVE-2023-46170 was published Mar 7, 2024
A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that... Moderate Unreviewed
CVE-2024-8651 was published Sep 19, 2024
Observable Response Discrepancy in Flask-AppBuilder Moderate
CVE-2022-21659 was published for Flask-AppBuilder (pip) Feb 1, 2022
SamWheating
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database