Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,826
Erlang
36
GitHub Actions
32
Go
2,426
Maven
5,000+
npm
4,058
NuGet
723
pip
3,848
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

607 advisories

Loading
A vulnerability has been found in riscv-boom SonicBOOM up to 2.2.3 and classified as problematic.... Low Unreviewed
CVE-2025-8774 was published Aug 9, 2025
The public-facing product registration endpoint server responds differently depending on whether... Moderate Unreviewed
CVE-2025-47872 was published Aug 8, 2025
OpenBao has a Timing Side-Channel in the Userpass Auth Method Low
CVE-2025-54999 was published for github.com/openbao/openbao (Go) Aug 8, 2025
Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users Low
CVE-2025-6011 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the... Moderate Unreviewed
CVE-2025-24391 was published Jul 14, 2025
An issue was discovered in eGroupWare 17.1.20190111. A User Enumeration vulnerability exists... Moderate Unreviewed
CVE-2023-38327 was published Jul 11, 2025
Lord of Large Language Models vulnerable to Observable Discrepancy attack via authenticate_user function High
CVE-2025-6386 was published for lollms (pip) Jul 7, 2025
Timing difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2... Moderate Unreviewed
CVE-2025-6056 was published Jul 4, 2025
A padding oracle vulnerability exists in Google Chrome’s AppBound cookie encryption mechanism due... High Unreviewed
CVE-2025-34091 was published Jul 2, 2025
user enumeration vulnerability in Daily Expense Manager v1.0. To exploit this vulnerability a... High Unreviewed
CVE-2025-40732 was published Jun 30, 2025
Mautic allows user name enumeration due to response time difference on password reset form Moderate
CVE-2024-47057 was published for mautic/core (Composer) May 28, 2025
patrykgruszka nick-vanpraet
A minor information leak when running Screen with setuid-root privileges allosw unprivileged... Low Unreviewed
CVE-2025-46804 was published May 26, 2025
CWE-203: Observable Discrepancy Moderate Unreviewed
CVE-2025-23182 was published May 22, 2025
Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX... Moderate Unreviewed
CVE-2025-3939 was published May 22, 2025
Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields Low
CVE-2025-46720 was published for @keystone-6/core (npm) May 5, 2025
emmatown dcousens
Due to improper authentication mechanism an unauthenticated remote attacker can enumerate valid... Moderate Unreviewed
CVE-2021-47664 was published Apr 24, 2025
Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an... Moderate Unreviewed
CVE-2024-11084 was published Apr 15, 2025
During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered... Moderate Unreviewed
CVE-2025-0361 was published Apr 8, 2025
IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive... Moderate Unreviewed
CVE-2024-51477 was published Mar 29, 2025
String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow... High Unreviewed
CVE-2024-13939 was published Mar 28, 2025
An issue was discovered in OpenSlides before 4.2.5. During login at the /system/auth/login/... Moderate Unreviewed
CVE-2025-30344 was published Mar 21, 2025
An unauthenticated remote attacker can gain access to sensitive information including... High Unreviewed
CVE-2025-1468 was published Mar 18, 2025
Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations Moderate
CVE-2025-29780 was published for PostQuantum-Feldman-VSS (pip) Mar 14, 2025
DavidOsipov
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain... Low Unreviewed
CVE-2024-41760 was published Mar 11, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed
CVE-2025-27667 was published Mar 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database