Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

613 advisories

Loading
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping... High Unreviewed
CVE-2023-3640 was published Jul 24, 2023
User enumeration in On-premise SureMDM Solution on Windows deployment allows attacker to... Moderate Unreviewed
CVE-2023-3897 was published Jul 25, 2023
Tadiran Telecom Aeonix - CWE-204: Observable Response Discrepancy Moderate Unreviewed
CVE-2023-37217 was published Jul 30, 2023
HashiCorp Vault and Vault Enterprise vulnerable to user enumeration Moderate
CVE-2023-3462 was published for github.com/hashicorp/vault (Go) Aug 1, 2023
A potential power side-channel vulnerability in AMD processors may allow an authenticated... Moderate Unreviewed
CVE-2023-20583 was published Aug 1, 2023
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the... Moderate Unreviewed
CVE-2023-20569 was published Aug 8, 2023
This issue was addressed by restricting options offered on a locked device. This issue is fixed... Low Unreviewed
CVE-2022-46724 was published Aug 15, 2023
Jenkins Tuleap Authentication Plugin non-constant time token comparison Low
CVE-2023-40343 was published for io.jenkins.plugins:tuleap-oauth (Maven) Aug 16, 2023
The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login... High Unreviewed
CVE-2023-3604 was published Aug 21, 2023
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a... High Unreviewed
CVE-2023-33850 was published Aug 22, 2023
User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password... Critical Unreviewed
CVE-2023-40756 was published Aug 28, 2023
Username enumeration attack in goauthentik Moderate
CVE-2023-39522 was published for @goauthentik/api (npm) Aug 29, 2023
markrassamni
User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could... Moderate Unreviewed
CVE-2023-3221 was published Sep 4, 2023
Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration Moderate
CVE-2023-41885 was published for piccolo (pip) Sep 12, 2023
Skelmis
User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this... Moderate Unreviewed
CVE-2023-4095 was published Sep 19, 2023
NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated... High Unreviewed
CVE-2023-25529 was published Sep 20, 2023
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software... Moderate Unreviewed
CVE-2023-44216 was published Sep 27, 2023
Economizzer user enumeration vulnerability Moderate
CVE-2023-38871 was published for gugoan/economizzer (Composer) Sep 28, 2023
A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All... Moderate Unreviewed
CVE-2023-43623 was published Oct 10, 2023
User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. This issue occurs during... High Unreviewed
CVE-2023-36127 was published Oct 11, 2023
The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM,... Moderate Unreviewed
CVE-2022-25332 was published Oct 19, 2023
Using iterative requests an attacker was able to learn the size of an opaque response, as well as... Moderate Unreviewed
CVE-2023-5722 was published Oct 25, 2023
In Package Installer, there is a possible way to determine whether an app is installed, without... High Unreviewed
CVE-2023-21324 was published Oct 30, 2023
In Slice, there is a possible disclosure of installed applications due to side channel... High Unreviewed
CVE-2023-21298 was published Oct 30, 2023
In PackageManager, there is a possible way to determine whether an app is installed, without... Moderate Unreviewed
CVE-2023-21300 was published Oct 30, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database