Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

324 advisories

Loading
In Device Policy, there is a possible way to verify if a particular admin app is registered on... Moderate Unreviewed
CVE-2023-21320 was published Oct 30, 2023
In Package Manager Service, there is a possible way to determine whether an app is installed,... Moderate Unreviewed
CVE-2023-21326 was published Oct 30, 2023
In Overlay Manager, there is a possible way to determine whether an app is installed, without... Moderate Unreviewed
CVE-2023-21330 was published Oct 30, 2023
In Usage Stats Service, there is a possible way to determine whether an app is installed, without... Moderate Unreviewed
CVE-2022-20264 was published Oct 30, 2023
In ActivityManagerService, there is a possible way to determine whether an app is installed,... Moderate Unreviewed
CVE-2023-21301 was published Oct 30, 2023
In Content, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2023-21305 was published Oct 30, 2023
In UsageStatsService, there is a possible way to read installed 3rd party apps due to side... Moderate Unreviewed
CVE-2023-21319 was published Oct 30, 2023
In Activity Manager, there is a possible way to determine whether an app is installed, without... Moderate Unreviewed
CVE-2023-21323 was published Oct 30, 2023
In InputMethod, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2023-21331 was published Oct 30, 2023
Using iterative requests an attacker was able to learn the size of an opaque response, as well as... Moderate Unreviewed
CVE-2023-5722 was published Oct 25, 2023
The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM,... Moderate Unreviewed
CVE-2022-25332 was published Oct 19, 2023
A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All... Moderate Unreviewed
CVE-2023-43623 was published Oct 10, 2023
Economizzer user enumeration vulnerability Moderate
CVE-2023-38871 was published for gugoan/economizzer (Composer) Sep 28, 2023
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software... Moderate Unreviewed
CVE-2023-44216 was published Sep 27, 2023
User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this... Moderate Unreviewed
CVE-2023-4095 was published Sep 19, 2023
Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration Moderate
CVE-2023-41885 was published for piccolo (pip) Sep 12, 2023
Skelmis
User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could... Moderate Unreviewed
CVE-2023-3221 was published Sep 4, 2023
Username enumeration attack in goauthentik Moderate
CVE-2023-39522 was published for @goauthentik/api (npm) Aug 29, 2023
markrassamni
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the... Moderate Unreviewed
CVE-2023-20569 was published Aug 8, 2023
A potential power side-channel vulnerability in AMD processors may allow an authenticated... Moderate Unreviewed
CVE-2023-20583 was published Aug 1, 2023
HashiCorp Vault and Vault Enterprise vulnerable to user enumeration Moderate
CVE-2023-3462 was published for github.com/hashicorp/vault (Go) Aug 1, 2023
Tadiran Telecom Aeonix - CWE-204: Observable Response Discrepancy Moderate Unreviewed
CVE-2023-37217 was published Jul 30, 2023
User enumeration in On-premise SureMDM Solution on Windows deployment allows attacker to... Moderate Unreviewed
CVE-2023-3897 was published Jul 25, 2023
A potential power side-channel vulnerability in some AMD processors may allow an authenticated... Moderate Unreviewed
CVE-2023-20575 was published Jul 11, 2023
Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify... Moderate Unreviewed
CVE-2023-35698 was published Jul 10, 2023
ProTip! Advisories are also available from the GraphQL API