Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,731
Maven
5,000+
npm
4,332
NuGet
763
pip
4,109
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27 advisories

Loading
Information Disclosure in Password Reset Low
CVE-2020-11063 was published for typo3/cms (Composer) May 13, 2020
NeoBlack ohader
Credited to NeoBlack and ohader
Observable Response Discrepancy in Lost Password Service Moderate
CVE-2021-39189 was published for pimcore/pimcore (Composer) Sep 20, 2021
Observable Response Discrepancy in Flask-AppBuilder Moderate
CVE-2022-21659 was published for Flask-AppBuilder (pip) Feb 1, 2022
SamWheating
Credited to SamWheating
Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) Moderate
CVE-2019-19030 was published for github.com/goharbor/harbor (Go) Feb 11, 2022
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms Moderate
CVE-2022-39314 was published for getkirby/cms (Composer) Oct 18, 2022
florianmrz
Credited to florianmrz
Kirby CMS vulnerable to user enumeration in the brute force protection Moderate
CVE-2022-39315 was published for getkirby/cms (Composer) Oct 18, 2022
vantage6 vulnerable to Observable Response Discrepancy Moderate
CVE-2022-39228 was published for vantage6 (pip) Feb 28, 2023
Answer has Observable Response Discrepancy Moderate
CVE-2023-1540 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Sulu Observable Response Discrepancy on Admin Login Moderate
CVE-2023-39343 was published for sulu/sulu (Composer) Aug 3, 2023
s23hck
Credited to s23hck
Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration Moderate
CVE-2023-41885 was published for piccolo (pip) Sep 12, 2023
Skelmis
Credited to Skelmis
Liferay Portal allows attackers to discover the existence of sites Moderate
CVE-2024-25146 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
CasaOS Username Enumeration Moderate
CVE-2024-24766 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) Mar 6, 2024
DrDark1999
Credited to DrDark1999
Umbraco possible user enumeration Low
CVE-2024-28868 was published for UmbracoCMS (NuGet) Mar 20, 2024
poan21
Credited to poan21
CasaOS Username Enumeration - Bypass of CVE-2024-24766 Moderate
CVE-2024-28232 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) Apr 1, 2024
DrDark1999
Credited to DrDark1999
The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames Moderate
CVE-2024-39912 was published for web-auth/webauthn-framework (Composer) Jul 15, 2024
marcriemer
Credited to marcriemer
OpaMiddleware does not filter HTTP OPTIONS requests Moderate
CVE-2024-40627 was published for fastapi-opa (pip) Jul 15, 2024
miceg
Credited to miceg
Mautic allows users enumeration due to weak password login Moderate
CVE-2024-47059 was published for mautic/core (Composer) Sep 18, 2024
tomekkowalczyk patrykgruszka
escopecz rafibz007
Credited to tomekkowalczyk, patrykgruszka, escopecz, and rafibz007
Django allows enumeration of user e-mail addresses Moderate
CVE-2024-45231 was published for Django (pip) Oct 8, 2024
Pimcore Admin Classic Bundle allows user enumeration Moderate
CVE-2025-24980 was published for pimcore/admin-ui-classic-bundle (Composer) Feb 7, 2025
Ayman-Rayan
Credited to Ayman-Rayan
Flask-AppBuilder Observable Response Discrepancy Low
CVE-2025-24023 was published for flask-appbuilder (pip) Mar 3, 2025
millad7
Credited to millad7
Shopware 6 allows attackers to check for registered accounts through the store-api Moderate
CVE-2025-30150 was published for shopware/core (Composer) Apr 8, 2025
niklaswolf
Credited to niklaswolf
Silverstripe Framework user enumeration via timing attack on login and password reset forms Moderate
GHSA-256q-hx8w-xcqx was published for silverstripe/framework (Composer) Apr 10, 2025
Umbraco Makes User Enumeration Feasible Based on Timing of Login Response Moderate
CVE-2025-46736 was published for Umbraco.Cms (NuGet) May 6, 2025
arneHildrum KireB
krieriks
Credited to arneHildrum, KireB, and krieriks
Mautic allows user name enumeration due to response time difference on password reset form Moderate
CVE-2024-47057 was published for mautic/core (Composer) May 28, 2025
patrykgruszka nick-vanpraet
Credited to patrykgruszka and nick-vanpraet
Silverpeas Core Username Enumeration Vulnerability Moderate
CVE-2025-46047 was published for org.silverpeas.core:silverpeas-core (Maven) Sep 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database