Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

427 advisories

Loading
Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX... Moderate Unreviewed
CVE-2025-3939 was published May 22, 2025
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature... Moderate Unreviewed
CVE-2022-30332 was published Jan 10, 2023
Mautic allows user name enumeration due to response time difference on password reset form Moderate
CVE-2024-47057 was published for mautic/core (Composer) May 28, 2025
patrykgruszka nick-vanpraet
ZITADEL "ignoring unknown usernames" vulnerability Moderate
CVE-2024-41952 was published for github.com/zitadel/zitadel (Go) Jul 31, 2024
livio-a
CWE-203: Observable Discrepancy Moderate Unreviewed
CVE-2025-23182 was published May 22, 2025
Observable behavioral in power management throttling for some Intel(R) Processors may allow an... Moderate Unreviewed
CVE-2022-24436 was published Jun 16, 2022
Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to... Moderate Unreviewed
CVE-2021-33149 was published May 13, 2022
An information-disclosure vulnerability exists on select NXP devices when configured in Serial... Moderate Unreviewed
CVE-2022-45163 was published Nov 19, 2022
A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate... Moderate Unreviewed
CVE-2022-0564 was published Feb 22, 2022
Due to improper authentication mechanism an unauthenticated remote attacker can enumerate valid... Moderate Unreviewed
CVE-2021-47664 was published Apr 24, 2025
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access... Moderate Unreviewed
CVE-2022-46392 was published Dec 16, 2022
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite... Moderate Unreviewed
CVE-2017-13099 was published May 13, 2022
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA... Moderate Unreviewed
CVE-2017-1000385 was published May 13, 2022
A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505,... Moderate Unreviewed
CVE-2017-12373 was published May 13, 2022
Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an... Moderate Unreviewed
CVE-2017-17427 was published May 13, 2022
Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is... Moderate Unreviewed
CVE-2016-9129 was published May 13, 2022
Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes Moderate
CVE-2025-24011 was published for Umbraco.Cms (NuGet) Jan 21, 2025
While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was... Moderate Unreviewed
CVE-2022-26382 was published Dec 22, 2022
An attacker could have exploited a timing attack by sending a large number of allowCredential... Moderate Unreviewed
CVE-2022-31742 was published Dec 22, 2022
Service Workers should not be able to infer information about opaque cross-origin responses; but... Moderate Unreviewed
CVE-2022-45403 was published Dec 22, 2022
Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an... Moderate Unreviewed
CVE-2024-11084 was published Apr 15, 2025
Snipe-IT allows attackers to check whether a user account exists Moderate
CVE-2022-44381 was published for snipe/snipe-it (Composer) Dec 25, 2022
Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread... Moderate Unreviewed
CVE-2022-45416 was published Dec 22, 2022
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly... Moderate Unreviewed
CVE-2016-2178 was published May 13, 2022
During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered... Moderate Unreviewed
CVE-2025-0361 was published Apr 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database