GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
439 advisories
Filter by severity
HashiCorp Vault and Vault Enterprise vulnerable to user enumeration
Moderate
CVE-2023-3462
was published
for
github.com/hashicorp/vault
(Go)
Aug 1, 2023
Tadiran Telecom Aeonix - CWE-204: Observable Response Discrepancy
Moderate
Unreviewed
CVE-2023-37217
was published
Jul 30, 2023
User enumeration in On-premise SureMDM Solution on Windows deployment allows attacker to...
Moderate
Unreviewed
CVE-2023-3897
was published
Jul 25, 2023
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping...
High
Unreviewed
CVE-2023-3640
was published
Jul 24, 2023
A potential power side-channel vulnerability in some AMD processors may allow an authenticated...
Moderate
Unreviewed
CVE-2023-20575
was published
Jul 11, 2023
Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify...
Moderate
Unreviewed
CVE-2023-35698
was published
Jul 10, 2023
A vulnerability classified as problematic has been found in Rotem Dynamics Rotem CRM up to...
Moderate
Unreviewed
CVE-2023-3529
was published
Jul 6, 2023
Under certain circumstances a C•CURE Portal user could enumerate user accounts in C•CURE 9000...
Moderate
Unreviewed
CVE-2021-36201
was published
Jul 6, 2023
TN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability....
Moderate
Unreviewed
CVE-2023-3336
was published
Jul 5, 2023
The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a...
Moderate
Unreviewed
CVE-2023-3139
was published
Jul 4, 2023
AMI BMC contains a vulnerability in the IPMI
handler, where an unauthorized attacker can use...
Moderate
Unreviewed
CVE-2023-34344
was published
Jun 12, 2023
IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based...
High
Unreviewed
CVE-2023-32342
was published
May 31, 2023
Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy
Moderate
Unreviewed
CVE-2023-31186
was published
May 30, 2023
When supplied with a random MAC address, Snap One OvrC cloud servers will return...
Moderate
Unreviewed
CVE-2023-28412
was published
May 22, 2023
ginuerzh/gost vulnerable to Timing Attack
Moderate
CVE-2023-32691
was published
for
github.com/ginuerzh/gost
(Go)
May 22, 2023
Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215,...
Moderate
Unreviewed
CVE-2023-23449
was published
May 15, 2023
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be...
Moderate
Unreviewed
CVE-2022-40482
was published
Apr 25, 2023
A username enumeration issue was discovered in Medicine Tracker System 1.0. The login...
Moderate
Unreviewed
CVE-2023-30458
was published
Apr 24, 2023
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it...
Unknown
Unreviewed
CVE-2023-26556
was published
Apr 21, 2023
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side...
Unknown
Unreviewed
CVE-2023-26557
was published
Apr 21, 2023
A vulnerability has been identified in Mendix Forgot Password (Mendix 7 compatible) (All versions...
Moderate
Unreviewed
CVE-2023-27464
was published
Apr 11, 2023
HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks
Moderate
CVE-2023-25000
was published
for
github.com/hashicorp/vault
(Go)
Mar 30, 2023
An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). An Observable Response...
High
Unreviewed
CVE-2023-26071
was published
Mar 28, 2023
Argo CD authenticated but unauthorized users may enumerate Application names via the API
Moderate
CVE-2022-41354
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 23, 2023
Answer has Observable Response Discrepancy
Moderate
CVE-2023-1540
was published
for
github.com/answerdev/answer
(Go)
Mar 21, 2023
ProTip!
Advisories are also available from the
GraphQL API