Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,176
Erlang
30
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,322
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

356 advisories

Loading
HashiCorp Vault and Vault Enterprise vulnerable to user enumeration Moderate
CVE-2023-3462 was published for github.com/hashicorp/vault (Go) Aug 1, 2023
Tadiran Telecom Aeonix - CWE-204: Observable Response Discrepancy Moderate Unreviewed
CVE-2023-37217 was published Jul 30, 2023
User enumeration in On-premise SureMDM Solution on Windows deployment allows attacker to... Moderate Unreviewed
CVE-2023-3897 was published Jul 25, 2023
A potential power side-channel vulnerability in some AMD processors may allow an authenticated... Moderate Unreviewed
CVE-2023-20575 was published Jul 11, 2023
Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify... Moderate Unreviewed
CVE-2023-35698 was published Jul 10, 2023
A vulnerability classified as problematic has been found in Rotem Dynamics Rotem CRM up to... Moderate Unreviewed
CVE-2023-3529 was published Jul 6, 2023
Under certain circumstances a C•CURE Portal user could enumerate user accounts in C•CURE 9000... Moderate Unreviewed
CVE-2021-36201 was published Jul 6, 2023
TN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability.... Moderate Unreviewed
CVE-2023-3336 was published Jul 5, 2023
The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a... Moderate Unreviewed
CVE-2023-3139 was published Jul 4, 2023
User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. Moderate Unreviewed
CVE-2023-22359 was published Jun 26, 2023
AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use... Moderate Unreviewed
CVE-2023-34344 was published Jun 12, 2023
Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy Moderate Unreviewed
CVE-2023-31186 was published May 30, 2023
When supplied with a random MAC address, Snap One OvrC cloud servers will return... Moderate Unreviewed
CVE-2023-28412 was published May 22, 2023
ginuerzh/gost vulnerable to Timing Attack Moderate
CVE-2023-32691 was published for github.com/ginuerzh/gost (Go) May 22, 2023
porcupineyhairs
Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215,... Moderate Unreviewed
CVE-2023-23449 was published May 15, 2023
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be... Moderate Unreviewed
CVE-2022-40482 was published Apr 25, 2023
A username enumeration issue was discovered in Medicine Tracker System 1.0. The login... Moderate Unreviewed
CVE-2023-30458 was published Apr 24, 2023
A vulnerability has been identified in Mendix Forgot Password (Mendix 7 compatible) (All versions... Moderate Unreviewed
CVE-2023-27464 was published Apr 11, 2023
HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks Moderate
CVE-2023-25000 was published for github.com/hashicorp/vault (Go) Mar 30, 2023
Argo CD authenticated but unauthorized users may enumerate Application names via the API Moderate
CVE-2022-41354 was published for github.com/argoproj/argo-cd (Go) Mar 23, 2023
zhlu32
Answer has Observable Response Discrepancy Moderate
CVE-2023-1540 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Answer has Observable Timing Discrepancy Moderate
CVE-2023-1538 was published for github.com/answerdev/answer (Go) Mar 21, 2023
OpenSearch has time discrepancy in authentication responses Moderate
CVE-2023-25806 was published for org.opensearch.plugin:opensearch-security (Maven) Mar 7, 2023
vantage6 vulnerable to Observable Response Discrepancy Moderate
CVE-2022-39228 was published for vantage6 (pip) Feb 28, 2023
The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To... Moderate Unreviewed
CVE-2020-12413 was published Feb 17, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database