Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

17 advisories

Loading
FileBrowser Quantum has Username Enumeration via Authentication Timing Side-Channel Moderate
CVE-2026-54685 was published for github.com/gtsteffaniak/filebrowser/backend (Go) Mar 24, 2026
mdcoxe Credited to mdcoxe
opentelemetry-collector-contrib's azureauthextension Authenticate method does not validate bearer tokens, allowing auth bypass via replay High
CVE-2026-42602 was published for github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension (Go) May 6, 2026
caitlinhalla Credited to caitlinhalla
Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening Critical
GHSA-9h64-2846-7x7f was published for github.com/getaxonflow/axonflow (Go) May 6, 2026
Traefik: A timing side-channel vulnerability allows for valid username enumeration via BasicAuth middleware Moderate
CVE-2026-41263 was published for github.com/traefik/traefik (Go) Apr 24, 2026
kodareef5 Credited to kodareef5
Note Mark: Username Enumeration via Login Endpoint Timing Side-Channel Low
CVE-2026-40263 was published for github.com/enchant97/note-mark/backend (Go) Apr 13, 2026
QiaoNPC Credited to QiaoNPC, Across-Verticals-Malaysia, and enchant97 Across-Verticals-Malaysia Across-Verticals-Malaysia
enchant97 enchant97
Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration Moderate
CVE-2026-32595 was published for github.com/traefik/traefik (Go) Mar 20, 2026
f1veT Credited to f1veT
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login Moderate
CVE-2026-23849 was published for github.com/filebrowser/filebrowser (Go) Jan 21, 2026
GUCHIHACKER Credited to GUCHIHACKER and hacdias hacdias hacdias
Mattermost has an Observable Timing Discrepancy vulnerability Low
CVE-2025-54499 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
Dragonfly vulnerable to timing attacks against Proxy’s basic authentication Moderate
CVE-2025-59350 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi Credited to gaius-qi
Mattermost vulnerable to Observable Timing Discrepancy Moderate
CVE-2025-27936 was published for github.com/mattermost/mattermost-plugin-msteams (Go) Apr 16, 2025
open-telemetry has an Observable Timing Discrepancy Moderate
CVE-2024-42368 was published for github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension (Go) Aug 13, 2024
axw Credited to axw, arminru, frzifus, mx-psi, and evan-bradley arminru arminru
frzifus frzifus mx-psi mx-psi evan-bradley evan-bradley
OpenShift OSIN vulnerable to Observable Timing Discrepancy Moderate
CVE-2021-4294 was published for github.com/openshift/osin (Go) Dec 28, 2022
Harbor timing attack risk Moderate
CVE-2023-20902 was published for github.com/goharbor/harbor (Go) Oct 10, 2023
easy-scrypt Observable Timing Discrepancy vulnerability Moderate
CVE-2014-125055 was published for github.com/agnivade/easy-scrypt (Go) Jan 7, 2023
Atlantis Events vulnerable to Timing Attack High
CVE-2022-24912 was published for github.com/runatlantis/atlantis (Go) Jul 30, 2022
HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks Moderate
CVE-2023-25000 was published for github.com/hashicorp/vault (Go) Mar 30, 2023
Answer has Observable Timing Discrepancy Moderate
CVE-2023-1538 was published for github.com/answerdev/answer (Go) Mar 21, 2023
ProTip! Advisories are also available from the GraphQL API