Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

82 advisories

Loading
Mautic allows user name enumeration due to response time difference on password reset form Moderate
CVE-2024-47057 was published for mautic/core (Composer) May 28, 2025
patrykgruszka nick-vanpraet
Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX... Moderate Unreviewed
CVE-2025-3939 was published May 22, 2025
Failed login response could be different depending on whether the username was local or central. Low Unreviewed
CVE-2025-48015 was published May 20, 2025
A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All... Moderate Unreviewed
CVE-2024-51447 was published May 13, 2025
Umbraco Makes User Enumeration Feasible Based on Timing of Login Response Moderate
CVE-2025-46736 was published for Umbraco.Cms (NuGet) May 6, 2025
arneHildrum KireB
krieriks
A vulnerability in the login functionality of the web application of ctrlX OS allows a remote... Moderate Unreviewed
CVE-2025-24342 was published Apr 30, 2025
Silverstripe Framework user enumeration via timing attack on login and password reset forms Moderate
GHSA-256q-hx8w-xcqx was published for silverstripe/framework (Composer) Apr 10, 2025
Shopware 6 allows attackers to check for registered accounts through the store-api Moderate
CVE-2025-30150 was published for shopware/core (Composer) Apr 8, 2025
niklaswolf
A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.21.0), Mendix... Moderate Unreviewed
CVE-2025-30280 was published Apr 8, 2025
IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due... Moderate Unreviewed
CVE-2024-56476 was published Apr 2, 2025
User enumeration in the password reset module of the MeetMe authentication service in versions... Moderate Unreviewed
CVE-2025-2910 was published Mar 28, 2025
User Enumeration via Discrepancies in Error Messages in the Celk Sistemas Celk Saude v.3.1.252.1... Moderate Unreviewed
CVE-2024-55198 was published Mar 13, 2025
Flask-AppBuilder Observable Response Discrepancy Low
CVE-2025-24023 was published for flask-appbuilder (pip) Mar 3, 2025
millad7
A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or... Moderate Unreviewed
CVE-2025-1101 was published Feb 12, 2025
SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that... Moderate Unreviewed
CVE-2025-23193 was published Feb 11, 2025
Pimcore Admin Classic Bundle allows user enumeration Moderate
CVE-2025-24980 was published for pimcore/admin-ui-classic-bundle (Composer) Feb 7, 2025
Ayman-Rayan
IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an... Moderate Unreviewed
CVE-2023-37413 was published Jan 29, 2025
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an... Moderate Unreviewed
CVE-2023-47159 was published Jan 27, 2025
IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due... Moderate Unreviewed
CVE-2024-35114 was published Jan 25, 2025
Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force... Moderate Unreviewed
CVE-2025-0693 was published Jan 24, 2025
An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through... Moderate Unreviewed
CVE-2024-36510 was published Jan 14, 2025
HCL MyXalytics is affected by username enumeration vulnerability. This allows a malicious user... Low Unreviewed
CVE-2024-42174 was published Jan 11, 2025
A vulnerability in the web-based management interface of Cisco&nbsp;ECE could allow an... Moderate Unreviewed
CVE-2022-20633 was published Nov 15, 2024
Observable Response Discrepancy vulnerability in HumHub GmbH & Co. KG - HumHub on Linux allows:... Moderate Unreviewed
CVE-2024-52043 was published Nov 6, 2024
Django allows enumeration of user e-mail addresses Moderate
CVE-2024-45231 was published for Django (pip) Oct 8, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database