Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,667
Maven
5,000+
npm
4,295
NuGet
760
pip
4,073
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

620 advisories

Loading
Directus Vulnerable to Information Leakage in Existing Collections Moderate
CVE-2025-64749 was published for @directus/api (npm) Nov 13, 2025
sbstn-k kmzs
Credited to sbstn-k and kmzs
IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to... Moderate Unreviewed
CVE-2025-36225 was published Oct 9, 2025
Improper handling of authentication requests lead to a user enumeration vector in the passkey... Moderate Unreviewed
CVE-2025-54477 was published Sep 30, 2025
Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated... High Unreviewed
CVE-2025-41252 was published Sep 29, 2025
WSO2's Input Validation Management Service contains Observable Discrepancy when Multi-Attribute Login is enabled Low
CVE-2025-1396 was published for org.wso2.carbon.identity.framework:org.wso2.carbon.identity.input.validation.mgt (Maven) Sep 26, 2025
Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote... Critical Unreviewed
CVE-2025-10890 was published Sep 24, 2025
Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc.... Moderate Unreviewed
CVE-2025-9031 was published Sep 24, 2025
In multiple locations, there is a possible way to access data displayed on the screen due to side... Moderate Unreviewed
CVE-2025-48561 was published Sep 4, 2025
Presta Shop vulnerable to email enumeration Moderate
CVE-2025-51586 was published for prestashop/prestashop (Composer) Sep 4, 2025
Liferay Portal User Enumeration Vulnerability via the Create Account Page Moderate
CVE-2025-43751 was published for com.liferay:com.liferay.login.web (Maven) Aug 22, 2025
Liferay Portal Enumeration Discrepancy in Calendars Moderate
CVE-2025-43743 was published for com.liferay.portal:release.portal.bom (Maven) Aug 19, 2025
Liferay Portal Email Modification Vulnerability via Calendar Portlet Moderate
CVE-2025-43739 was published for com.liferay:com.liferay.calendar.service (Maven) Aug 19, 2025
A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this... Moderate Unreviewed
CVE-2025-9109 was published Aug 18, 2025
A vulnerability has been found in riscv-boom SonicBOOM up to 2.2.3 and classified as problematic.... Low Unreviewed
CVE-2025-8774 was published Aug 9, 2025
The public-facing product registration endpoint server responds differently depending on whether... Moderate Unreviewed
CVE-2025-47872 was published Aug 8, 2025
OpenBao has a Timing Side-Channel in the Userpass Auth Method Low
CVE-2025-54999 was published for github.com/openbao/openbao (Go) Aug 8, 2025
Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users Low
CVE-2025-6011 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the... Moderate Unreviewed
CVE-2025-24391 was published Jul 14, 2025
An issue was discovered in eGroupWare 17.1.20190111. A User Enumeration vulnerability exists... Moderate Unreviewed
CVE-2023-38327 was published Jul 11, 2025
Lord of Large Language Models vulnerable to Observable Discrepancy attack via authenticate_user function High
CVE-2025-6386 was published for lollms (pip) Jul 7, 2025
Timing difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2... Moderate Unreviewed
CVE-2025-6056 was published Jul 4, 2025
A padding oracle vulnerability exists in Google Chrome’s AppBound cookie encryption mechanism due... High Unreviewed
CVE-2025-34091 was published Jul 2, 2025
user enumeration vulnerability in Daily Expense Manager v1.0. To exploit this vulnerability a... High Unreviewed
CVE-2025-40732 was published Jun 30, 2025
Mautic allows user name enumeration due to response time difference on password reset form Moderate
CVE-2024-47057 was published for mautic/core (Composer) May 28, 2025
patrykgruszka nick-vanpraet
Credited to patrykgruszka and nick-vanpraet
A minor information leak when running Screen with setuid-root privileges allosw unprivileged... Low Unreviewed
CVE-2025-46804 was published May 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database