Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

439 advisories

Loading
In Content, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2023-21305 was published Oct 30, 2023
In UsageStatsService, there is a possible way to read installed 3rd party apps due to side... Moderate Unreviewed
CVE-2023-21319 was published Oct 30, 2023
In Activity Manager, there is a possible way to determine whether an app is installed, without... Moderate Unreviewed
CVE-2023-21323 was published Oct 30, 2023
In Package Installer, there is a possible way to determine whether an app is installed, without... High Unreviewed
CVE-2023-21324 was published Oct 30, 2023
In InputMethod, there is a possible way to determine whether an app is installed, without query... Moderate Unreviewed
CVE-2023-21331 was published Oct 30, 2023
In Overlay Manager, there is a possible way to determine whether an app is installed, without... Moderate Unreviewed
CVE-2023-21330 was published Oct 30, 2023
In Permission Manager, there is a possible way to determine whether an app is installed, without... Moderate Unreviewed
CVE-2023-21327 was published Oct 30, 2023
In Device Policy, there is a possible way to verify if a particular admin app is registered on... Moderate Unreviewed
CVE-2023-21320 was published Oct 30, 2023
Using iterative requests an attacker was able to learn the size of an opaque response, as well as... Moderate Unreviewed
CVE-2023-5722 was published Oct 25, 2023
The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM,... Moderate Unreviewed
CVE-2022-25332 was published Oct 19, 2023
User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. This issue occurs during... High Unreviewed
CVE-2023-36127 was published Oct 11, 2023
A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All... Moderate Unreviewed
CVE-2023-43623 was published Oct 10, 2023
Economizzer user enumeration vulnerability Moderate
CVE-2023-38871 was published for gugoan/economizzer (Composer) Sep 28, 2023
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software... Moderate Unreviewed
CVE-2023-44216 was published Sep 27, 2023
NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated... High Unreviewed
CVE-2023-25529 was published Sep 20, 2023
User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this... Moderate Unreviewed
CVE-2023-4095 was published Sep 19, 2023
Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration Moderate
CVE-2023-41885 was published for piccolo (pip) Sep 12, 2023
Skelmis
User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could... Moderate Unreviewed
CVE-2023-3221 was published Sep 4, 2023
Username enumeration attack in goauthentik Moderate
CVE-2023-39522 was published for @goauthentik/api (npm) Aug 29, 2023
markrassamni
User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password... Critical Unreviewed
CVE-2023-40756 was published Aug 28, 2023
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a... High Unreviewed
CVE-2023-33850 was published Aug 22, 2023
The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login... High Unreviewed
CVE-2023-3604 was published Aug 21, 2023
Jenkins Tuleap Authentication Plugin non-constant time token comparison Low
CVE-2023-40343 was published for io.jenkins.plugins:tuleap-oauth (Maven) Aug 16, 2023
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the... Moderate Unreviewed
CVE-2023-20569 was published Aug 8, 2023
A potential power side-channel vulnerability in AMD processors may allow an authenticated... Moderate Unreviewed
CVE-2023-20583 was published Aug 1, 2023
ProTip! Advisories are also available from the GraphQL API