Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,877
Maven
5,000+
npm
4,513
NuGet
784
pip
4,257
Pub
12
RubyGems
975
Rust
1,105
Swift
49
Unreviewed advisories
All unreviewed
5,000+

639 advisories

Loading
RustCrypto Utilities cmov: `thumbv6m-none-eabi` compiler emits non-constant time assembly when using `cmovnz` High
CVE-2026-23519 was published for cmov (Rust) Jan 15, 2026
NicsTr
Credited to NicsTr
Zitadel has a user enumeration vulnerability in Login UIs Moderate
CVE-2026-23511 was published for github.com/zitadel/zitadel (Go) Jan 15, 2026
IAM-marco livio-a
mntns
Credited to IAM-marco, livio-a, and mntns
REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between... Moderate Unreviewed
CVE-2024-55374 was published Jan 2, 2026
H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid... Moderate Unreviewed
CVE-2022-50800 was published Dec 31, 2025
GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism... Moderate Unreviewed
CVE-2023-53943 was published Dec 18, 2025
There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows... Low Unreviewed
CVE-2025-65185 was published Dec 17, 2025
In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test Low Unreviewed
CVE-2025-68164 was published Dec 16, 2025
Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into... Low Unreviewed
CVE-2025-13912 was published Dec 11, 2025
SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login... Moderate Unreviewed
CVE-2020-36888 was published Dec 10, 2025
User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated... Moderate Unreviewed
CVE-2025-39665 was published Dec 3, 2025
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a... High Unreviewed
CVE-2025-59702 was published Dec 2, 2025
An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12... Moderate Unreviewed
CVE-2025-56423 was published Nov 24, 2025
Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels... Low Unreviewed
CVE-2025-12888 was published Nov 22, 2025
The server previously verified the TLS 1.3 PSK binder using a non-constant time method which... Low Unreviewed
CVE-2025-11932 was published Nov 22, 2025
Directus Vulnerable to Information Leakage in Existing Collections Moderate
CVE-2025-64749 was published for @directus/api (npm) Nov 13, 2025
sbstn-k kmzs
Credited to sbstn-k and kmzs
IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to... Moderate Unreviewed
CVE-2025-36225 was published Oct 9, 2025
Improper handling of authentication requests lead to a user enumeration vector in the passkey... Moderate Unreviewed
CVE-2025-54477 was published Sep 30, 2025
Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated... High Unreviewed
CVE-2025-41252 was published Sep 29, 2025
WSO2's Input Validation Management Service contains Observable Discrepancy when Multi-Attribute Login is enabled Low
CVE-2025-1396 was published for org.wso2.carbon.identity.framework:org.wso2.carbon.identity.input.validation.mgt (Maven) Sep 26, 2025
Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote... Critical Unreviewed
CVE-2025-10890 was published Sep 24, 2025
Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc.... Moderate Unreviewed
CVE-2025-9031 was published Sep 24, 2025
Liferay Portal exposes ERC which can lead to exploit the time response attack Moderate
CVE-2025-43786 was published for com.liferay:com.liferay.headless.admin.workflow.impl (Maven) Sep 9, 2025
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison... High Unreviewed
CVE-2025-39702 was published Sep 5, 2025
In multiple locations, there is a possible way to access data displayed on the screen due to side... Moderate Unreviewed
CVE-2025-48561 was published Sep 4, 2025
Presta Shop vulnerable to email enumeration Moderate
CVE-2025-51586 was published for prestashop/prestashop (Composer) Sep 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database