GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
658 advisories
User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to...
Moderate | Unreviewed | CVE-2026-26895 was published Apr 2, 2026

Parse Server has a protected field change detection oracle via LiveQuery watch parameter
Moderate | CVE-2026-33429 was published for parse-server (npm) Mar 20, 2026

wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64...
Low | Unreviewed | CVE-2026-3579 was published Mar 19, 2026

In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into...
Low | Unreviewed | CVE-2026-3580 was published Mar 19, 2026

Mattermost fails to use consistent error responses when handling the /mute command
Moderate | CVE-2026-21386 was published for github.com/mattermost/mattermost-server (Go) Mar 16, 2026

Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
High | CVE-2026-28490 was published for authlib (pip) Mar 16, 2026

A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file...
Moderate | Unreviewed | CVE-2026-4045 was published Mar 12, 2026

OpenClaw safeBins file-existence oracle information disclosure
Moderate | CVE-2026-4040 was published for openclaw (npm) Feb 19, 2026

GFI MailEssentials AI versions prior to 22.4 contain an arbitrary directory existence enumeration...
Moderate | Unreviewed | CVE-2026-23621 was published Feb 19, 2026

GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration...
Moderate | Unreviewed | CVE-2026-23620 was published Feb 19, 2026

Go Ethereum Improperly Validates the ECIES Public Key in RLPx Handshake
Moderate | CVE-2026-26315 was published for github.com/ethereum/go-ethereum (Go) Feb 18, 2026

OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to...
Moderate | Unreviewed | CVE-2019-25337 was published Feb 13, 2026

Directus Vulnerable to User Enumeration via Password Reset Timing Attack
Moderate | CVE-2026-26185 was published for @directus/api (npm) Feb 12, 2026

WeKan versions prior to 8.19 contain an information disclosure vulnerability in the attachments...
Moderate | Unreviewed | CVE-2026-25562 was published Feb 8, 2026

CI4MS Vulnerable to User Email Enumeration via Password Reset Flow
Moderate | CVE-2026-25509 was published for ci4-cms-erp/ci4ms (Composer) Feb 2, 2026

File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login
Moderate | CVE-2026-23849 was published for github.com/filebrowser/filebrowser (Go) Jan 21, 2026

RustCrypto Utilities cmov: `thumbv6m-none-eabi` compiler emits non-constant time assembly when using `cmovnz`
High | CVE-2026-23519 was published for cmov (Rust) Jan 15, 2026

Zitadel has a user enumeration vulnerability in Login UIs
Moderate | CVE-2026-23511 was published for github.com/zitadel/zitadel (Go) Jan 15, 2026

REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between...
Moderate | Unreviewed | CVE-2024-55374 was published Jan 2, 2026

H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid...
Moderate | Unreviewed | CVE-2022-50800 was published Dec 31, 2025

GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism...
Moderate | Unreviewed | CVE-2023-53943 was published Dec 18, 2025

There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows...
Low | Unreviewed | CVE-2025-65185 was published Dec 17, 2025

In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test
Low | Unreviewed | CVE-2025-68164 was published Dec 16, 2025

Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into...
Low | Unreviewed | CVE-2025-13912 was published Dec 11, 2025

SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login...
Moderate | Unreviewed | CVE-2020-36888 was published Dec 10, 2025