Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

439 advisories

Loading
HashiCorp Vault and Vault Enterprise vulnerable to user enumeration Moderate
CVE-2023-3462 was published for github.com/hashicorp/vault (Go) Aug 1, 2023
Tadiran Telecom Aeonix - CWE-204: Observable Response Discrepancy Moderate Unreviewed
CVE-2023-37217 was published Jul 30, 2023
User enumeration in On-premise SureMDM Solution on Windows deployment allows attacker to... Moderate Unreviewed
CVE-2023-3897 was published Jul 25, 2023
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping... High Unreviewed
CVE-2023-3640 was published Jul 24, 2023
A potential power side-channel vulnerability in some AMD processors may allow an authenticated... Moderate Unreviewed
CVE-2023-20575 was published Jul 11, 2023
Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify... Moderate Unreviewed
CVE-2023-35698 was published Jul 10, 2023
A vulnerability classified as problematic has been found in Rotem Dynamics Rotem CRM up to... Moderate Unreviewed
CVE-2023-3529 was published Jul 6, 2023
Under certain circumstances a C•CURE Portal user could enumerate user accounts in C•CURE 9000... Moderate Unreviewed
CVE-2021-36201 was published Jul 6, 2023
TN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability.... Moderate Unreviewed
CVE-2023-3336 was published Jul 5, 2023
The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a... Moderate Unreviewed
CVE-2023-3139 was published Jul 4, 2023
AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use... Moderate Unreviewed
CVE-2023-34344 was published Jun 12, 2023
IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based... High Unreviewed
CVE-2023-32342 was published May 31, 2023
Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy Moderate Unreviewed
CVE-2023-31186 was published May 30, 2023
When supplied with a random MAC address, Snap One OvrC cloud servers will return... Moderate Unreviewed
CVE-2023-28412 was published May 22, 2023
ginuerzh/gost vulnerable to Timing Attack Moderate
CVE-2023-32691 was published for github.com/ginuerzh/gost (Go) May 22, 2023
porcupineyhairs
Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215,... Moderate Unreviewed
CVE-2023-23449 was published May 15, 2023
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be... Moderate Unreviewed
CVE-2022-40482 was published Apr 25, 2023
A username enumeration issue was discovered in Medicine Tracker System 1.0. The login... Moderate Unreviewed
CVE-2023-30458 was published Apr 24, 2023
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it... Unknown Unreviewed
CVE-2023-26556 was published Apr 21, 2023
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side... Unknown Unreviewed
CVE-2023-26557 was published Apr 21, 2023
A vulnerability has been identified in Mendix Forgot Password (Mendix 7 compatible) (All versions... Moderate Unreviewed
CVE-2023-27464 was published Apr 11, 2023
HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks Moderate
CVE-2023-25000 was published for github.com/hashicorp/vault (Go) Mar 30, 2023
An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). An Observable Response... High Unreviewed
CVE-2023-26071 was published Mar 28, 2023
Argo CD authenticated but unauthorized users may enumerate Application names via the API Moderate
CVE-2022-41354 was published for github.com/argoproj/argo-cd (Go) Mar 23, 2023
zhlu32
Answer has Observable Response Discrepancy Moderate
CVE-2023-1540 was published for github.com/answerdev/answer (Go) Mar 21, 2023
ProTip! Advisories are also available from the GraphQL API