GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
645 advisories
OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to...
Moderate, Unreviewed. CVE-2019-25337 was published Feb 13, 2026

Directus Vulnerable to User Enumeration via Password Reset Timing Attack
Moderate. CVE-2026-26185 was published for @directus/api (npm) Feb 12, 2026

WeKan versions prior to 8.19 contain an information disclosure vulnerability in the attachments...
Moderate, Unreviewed. CVE-2026-25562 was published Feb 8, 2026

CI4MS Vulnerable to User Email Enumeration via Password Reset Flow
Moderate. CVE-2026-25509 was published for ci4-cms-erp/ci4ms (Composer) Feb 2, 2026

File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login
Moderate. CVE-2026-23849 was published for github.com/filebrowser/filebrowser (Go) Jan 21, 2026

RustCrypto Utilities cmov: `thumbv6m-none-eabi` compiler emits non-constant time assembly when using `cmovnz`
High. CVE-2026-23519 was published for cmov (Rust) Jan 15, 2026

Zitadel has a user enumeration vulnerability in Login UIs
Moderate. CVE-2026-23511 was published for github.com/zitadel/zitadel (Go) Jan 15, 2026

REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between...
Moderate, Unreviewed. CVE-2024-55374 was published Jan 2, 2026

H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid...
Moderate, Unreviewed. CVE-2022-50800 was published Dec 31, 2025

GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism...
Moderate, Unreviewed. CVE-2023-53943 was published Dec 18, 2025

There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows...
Low, Unreviewed. CVE-2025-65185 was published Dec 17, 2025

In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test
Low, Unreviewed. CVE-2025-68164 was published Dec 16, 2025

Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into...
Low, Unreviewed. CVE-2025-13912 was published Dec 11, 2025

SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login...
Moderate, Unreviewed. CVE-2020-36888 was published Dec 10, 2025

User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated...
Moderate, Unreviewed. CVE-2025-39665 was published Dec 3, 2025

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a...
High, Unreviewed. CVE-2025-59702 was published Dec 2, 2025

An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12...
Moderate, Unreviewed. CVE-2025-56423 was published Nov 24, 2025

The server previously verified the TLS 1.3 PSK binder using a non-constant time method which...
Low, Unreviewed. CVE-2025-11932 was published Nov 22, 2025

Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels...
Low, Unreviewed. CVE-2025-12888 was published Nov 22, 2025

Directus Vulnerable to Information Leakage in Existing Collections
Moderate. CVE-2025-64749 was published for @directus/api (npm) Nov 13, 2025

IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to...
Moderate, Unreviewed. CVE-2025-36225 was published Oct 9, 2025

Improper handling of authentication requests lead to a user enumeration vector in the passkey...
Moderate, Unreviewed. CVE-2025-54477 was published Sep 30, 2025

Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated...
High, Unreviewed. CVE-2025-41252 was published Sep 29, 2025

WSO2's Input Validation Management Service contains Observable Discrepancy when Multi-Attribute Login is enabled
Low. CVE-2025-1396 was published for org.wso2.carbon.identity.framework:org.wso2.carbon.identity.input.validation.mgt (Maven) Sep 26, 2025

Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote...
Critical, Unreviewed. CVE-2025-10890 was published Sep 24, 2025