Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

17 advisories

Loading
Information Disclosure in Password Reset Low
CVE-2020-11063 was published for typo3/cms (Composer) May 13, 2020
NeoBlack ohader
Observable Response Discrepancy in Lost Password Service Moderate
CVE-2021-39189 was published for pimcore/pimcore (Composer) Sep 20, 2021
Observable Response Discrepancy in Flask-AppBuilder Moderate
CVE-2022-21659 was published for Flask-AppBuilder (pip) Feb 1, 2022
SamWheating
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms Moderate
CVE-2022-39314 was published for getkirby/cms (Composer) Oct 18, 2022
florianmrz
Kirby CMS vulnerable to user enumeration in the brute force protection Moderate
CVE-2022-39315 was published for getkirby/cms (Composer) Oct 18, 2022
vantage6 vulnerable to Observable Response Discrepancy Moderate
CVE-2022-39228 was published for vantage6 (pip) Feb 28, 2023
Answer has Observable Response Discrepancy Moderate
CVE-2023-1540 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Sulu Observable Response Discrepancy on Admin Login Moderate
CVE-2023-39343 was published for sulu/sulu (Composer) Aug 3, 2023
s23hck
Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration Moderate
CVE-2023-41885 was published for piccolo (pip) Sep 12, 2023
Skelmis
Liferay Portal allows attackers to discover the existence of sites Moderate
CVE-2024-25146 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
CasaOS Username Enumeration Moderate
CVE-2024-24766 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) Mar 6, 2024
DrDark1999
Umbraco possible user enumeration Low
CVE-2024-28868 was published for UmbracoCMS (NuGet) Mar 20, 2024
poan21
CasaOS Username Enumeration - Bypass of CVE-2024-24766 Moderate
CVE-2024-28232 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) Apr 1, 2024
DrDark1999
The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames Moderate
CVE-2024-39912 was published for web-auth/webauthn-framework (Composer) Jul 15, 2024
marcriemer
OpaMiddleware does not filter HTTP OPTIONS requests Moderate
CVE-2024-40627 was published for fastapi-opa (pip) Jul 15, 2024
miceg
Mautic allows users enumeration due to weak password login Moderate
CVE-2024-47059 was published for mautic/core (Composer) Sep 18, 2024
tomekkowalczyk patrykgruszka
escopecz rafibz007
Django allows enumeration of user e-mail addresses Moderate
CVE-2024-45231 was published for Django (pip) Oct 8, 2024
ProTip! Advisories are also available from the GraphQL API