GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 30,047
Composer 5,762
Erlang 50
GitHub Actions 50
Go 3,710
Maven 6,522
npm 6,028
NuGet 935
pip 4,938
Pub 13
RubyGems 1,053
Rust 1,333
Swift 54

Unreviewed advisories

All unreviewed 300,964

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

539 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate... Moderate Unreviewed

CVE-2023-5872 was published Apr 16, 2026

User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to... Moderate Unreviewed

CVE-2026-26895 was published Apr 2, 2026

The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid... Low Unreviewed

CVE-2025-67806 was published Apr 1, 2026

wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64... Low Unreviewed

CVE-2026-3579 was published Mar 19, 2026

In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into... Low Unreviewed

CVE-2026-3580 was published Mar 19, 2026

A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file... Moderate Unreviewed

CVE-2026-4045 was published Mar 12, 2026

GFI MailEssentials AI versions prior to 22.4 contain an arbitrary directory existence enumeration... Moderate Unreviewed

CVE-2026-23621 was published Feb 19, 2026

GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration... Moderate Unreviewed

CVE-2026-23620 was published Feb 19, 2026

OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to... Moderate Unreviewed

CVE-2019-25337 was published Feb 13, 2026

WeKan versions prior to 8.19 contain an information disclosure vulnerability in the attachments... Moderate Unreviewed

CVE-2026-25562 was published Feb 8, 2026

REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between... Moderate Unreviewed

CVE-2024-55374 was published Jan 2, 2026

H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid... Moderate Unreviewed

CVE-2022-50800 was published Dec 31, 2025

GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism... Moderate Unreviewed

CVE-2023-53943 was published Dec 18, 2025

There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows... Low Unreviewed

CVE-2025-65185 was published Dec 17, 2025

In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test Low Unreviewed

CVE-2025-68164 was published Dec 16, 2025

Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into... Low Unreviewed

CVE-2025-13912 was published Dec 11, 2025

SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login... Moderate Unreviewed

CVE-2020-36888 was published Dec 10, 2025

User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated... Moderate Unreviewed

CVE-2025-39665 was published Dec 3, 2025

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a... High Unreviewed

CVE-2025-59702 was published Dec 2, 2025

An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12... Moderate Unreviewed

CVE-2025-56423 was published Nov 24, 2025

Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels... Low Unreviewed

CVE-2025-12888 was published Nov 22, 2025

The server previously verified the TLS 1.3 PSK binder using a non-constant time method which... Low Unreviewed

CVE-2025-11932 was published Nov 22, 2025

IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to... Moderate Unreviewed

CVE-2025-36225 was published Oct 9, 2025

Improper handling of authentication requests lead to a user enumeration vector in the passkey... Moderate Unreviewed

CVE-2025-54477 was published Sep 30, 2025

Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated... High Unreviewed

CVE-2025-41252 was published Sep 29, 2025

Previous1…22 Next

Previous 1 2 3 4 5 … 21 22 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

539 advisories