Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,850
Erlang
36
GitHub Actions
34
Go
2,480
Maven
5,000+
npm
4,097
NuGet
734
pip
3,910
Pub
12
RubyGems
945
Rust
1,014
Swift
39
Unreviewed advisories
All unreviewed
5,000+

89 advisories

Loading
CWE-204: Observable Response Discrepancy High Unreviewed
CVE-2025-46390 was published Aug 6, 2025
OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote... Moderate Unreviewed
CVE-2025-54834 was published Jul 31, 2025
For failed login attempts, the application returns different error messages depending on whether... Moderate Unreviewed
CVE-2025-27451 was published Jul 3, 2025
An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint. High Unreviewed
CVE-2025-3092 was published Jun 26, 2025
User names used to access the web management interface are limited to the device identifier,... High Unreviewed
CVE-2025-5485 was published Jun 12, 2025
For failed login attempts, the application returns different error messages depending on whether... Moderate Unreviewed
CVE-2025-49187 was published Jun 12, 2025
IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker... Moderate Unreviewed
CVE-2025-0163 was published Jun 11, 2025
Mautic allows user name enumeration due to response time difference on password reset form Moderate
CVE-2024-47057 was published for mautic/core (Composer) May 28, 2025
patrykgruszka nick-vanpraet
Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX... Moderate Unreviewed
CVE-2025-3939 was published May 22, 2025
Failed login response could be different depending on whether the username was local or central. Low Unreviewed
CVE-2025-48015 was published May 20, 2025
A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All... Moderate Unreviewed
CVE-2024-51447 was published May 13, 2025
Umbraco Makes User Enumeration Feasible Based on Timing of Login Response Moderate
CVE-2025-46736 was published for Umbraco.Cms (NuGet) May 6, 2025
arneHildrum KireB
krieriks
A vulnerability in the login functionality of the web application of ctrlX OS allows a remote... Moderate Unreviewed
CVE-2025-24342 was published Apr 30, 2025
Silverstripe Framework user enumeration via timing attack on login and password reset forms Moderate
GHSA-256q-hx8w-xcqx was published for silverstripe/framework (Composer) Apr 10, 2025
Shopware 6 allows attackers to check for registered accounts through the store-api Moderate
CVE-2025-30150 was published for shopware/core (Composer) Apr 8, 2025
niklaswolf
A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.21.0), Mendix... Moderate Unreviewed
CVE-2025-30280 was published Apr 8, 2025
IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due... Moderate Unreviewed
CVE-2024-56476 was published Apr 2, 2025
User enumeration in the password reset module of the MeetMe authentication service in versions... Moderate Unreviewed
CVE-2025-2910 was published Mar 28, 2025
User Enumeration via Discrepancies in Error Messages in the Celk Sistemas Celk Saude v.3.1.252.1... Moderate Unreviewed
CVE-2024-55198 was published Mar 13, 2025
Flask-AppBuilder Observable Response Discrepancy Low
CVE-2025-24023 was published for flask-appbuilder (pip) Mar 3, 2025
millad7
A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or... Moderate Unreviewed
CVE-2025-1101 was published Feb 12, 2025
SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that... Moderate Unreviewed
CVE-2025-23193 was published Feb 11, 2025
Pimcore Admin Classic Bundle allows user enumeration Moderate
CVE-2025-24980 was published for pimcore/admin-ui-classic-bundle (Composer) Feb 7, 2025
Ayman-Rayan
IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an... Moderate Unreviewed
CVE-2023-37413 was published Jan 29, 2025
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an... Moderate Unreviewed
CVE-2023-47159 was published Jan 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database