GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
126 advisories
User enumeration in ESET Protect (on-prem) via Response Timing.
Moderate
Unreviewed
CVE-2025-3716 was published Mar 30, 2026
AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint
Moderate
CVE-2026-33688 was published for wwbn/avideo (Composer) Mar 25, 2026
MinIO LDAP login brute-force via user enumeration and missing rate limit
Critical
CVE-2026-33419 was published for github.com/minio/minio (Go) Mar 20, 2026
Parse Server email verification resend page leaks user existence
Moderate
CVE-2026-33323 was published for parse-server (npm) Mar 19, 2026
Raytha CMS is vulnerable to User Enumeration in password reset functionality. Difference in...
Moderate
Unreviewed
CVE-2025-69243 was published Mar 16, 2026
IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an...
Moderate
Unreviewed
CVE-2025-13460 was published Mar 16, 2026
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43,...
Moderate
Unreviewed
CVE-2026-24097 was published Mar 13, 2026
Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43,...
Moderate
Unreviewed
CVE-2026-2859 was published Mar 13, 2026
Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing....
Moderate
Unreviewed
CVE-2025-12455 was published Mar 13, 2026
Shopware has user enumeration via distinct error codes on Store API login endpoint
Moderate
CVE-2026-31888 was published for shopware/core (Composer) Mar 11, 2026
Parse Server vulnerable to user enumeration via email verification endpoint
Moderate
CVE-2026-31901 was published for parse-server (npm) Mar 11, 2026
NocoDB Vulnerable to User Enumeration via Password Reset Endpoint
Low
CVE-2026-28358 was published for nocodb (npm) Mar 2, 2026
Rucio WebUI has Username Enumeration via Login Error Message
Moderate
CVE-2026-25138 was published for rucio-webui (pip) Feb 25, 2026
Static Web Server affected by timing-based username enumeration in Basic Authentication due to early response on invalid usernames
Moderate
CVE-2026-27480 was published for static-web-server (Rust) Feb 20, 2026
A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery...
Moderate
Unreviewed
CVE-2026-26744 was published Feb 20, 2026
DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset...
Moderate
Unreviewed
CVE-2019-25338 was published Feb 13, 2026
CI4MS Vulnerable to User Email Enumeration via Password Reset Flow
Moderate
CVE-2026-25509 was published for ci4-cms-erp/ci4ms (Composer) Feb 2, 2026
Discord through 2026-01-16 allows gathering information about whether a user's client state is...
Moderate
Unreviewed
CVE-2026-24332 was published Jan 22, 2026
Zitadel has a user enumeration vulnerability in Login UIs
Moderate
CVE-2026-23511 was published for github.com/zitadel/zitadel (Go) Jan 15, 2026
Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists
Moderate
CVE-2025-69413 was published for code.gitea.io/gitea (Go) Jan 1, 2026
Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration. This...
Moderate
Unreviewed
CVE-2025-62181 was published Dec 10, 2025
IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that...
Moderate
Unreviewed
CVE-2021-47717 was published Dec 9, 2025
A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected...
Moderate
Unreviewed
CVE-2025-40806 was published Dec 9, 2025
Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication...
Moderate
Unreviewed
CVE-2025-65899 was published Dec 5, 2025
Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for...
Moderate
Unreviewed
CVE-2025-12994 was published Dec 4, 2025