GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
661 advisories
Weblate Vulnerable to Private Translation Enumeration via Screenshot API
Moderate
CVE-2026-44263
was published
for
weblate
(pip)
May 7, 2026
Parse Server has a protected field change detection oracle via LiveQuery watch parameter
Moderate
CVE-2026-33429
was published
for
parse-server
(npm)
Mar 20, 2026
Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
High
CVE-2026-28490
was published
for
authlib
(pip)
Mar 16, 2026
OpenClaw safeBins file-existence oracle information disclosure
Moderate
CVE-2026-4040
was published
for
openclaw
(npm)
Feb 19, 2026
Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake
Moderate
CVE-2026-26315
was published
for
github.com/ethereum/go-ethereum
(Go)
Feb 18, 2026
Directus Vulnerable to User Enumeration via Password Reset Timing Attack
Moderate
CVE-2026-26185
was published
for
@directus/api
(npm)
Feb 12, 2026
CI4MS Vulnerable to User Email Enumeration via Password Reset Flow
Moderate
CVE-2026-25509
was published
for
ci4-cms-erp/ci4ms
(Composer)
Feb 2, 2026
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login
Moderate
CVE-2026-23849
was published
for
github.com/filebrowser/filebrowser
(Go)
Jan 21, 2026
RustCrypto Utilities cmov: `thumbv6m-none-eabi` compiler emits non-constant time assembly when using `cmovnz`
High
CVE-2026-23519
was published
for
cmov
(Rust)
Jan 15, 2026
Zitadel has a user enumeration vulnerability in Login UIs
Moderate
CVE-2026-23511
was published
for
github.com/zitadel/zitadel
(Go)
Jan 15, 2026
ProTip!
Advisories are also available from the
GraphQL API