GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,736
Maven: 5,000+
npm: 4,336
NuGet: 764
pip: 4,110
Pub: 12
RubyGems: 960
Rust: 1,068
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
103 advisories
Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication...
Moderate | Unreviewed | CVE-2025-65899 was published Dec 5, 2025

Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for...
Moderate | Unreviewed | CVE-2025-12994 was published Dec 4, 2025

Grav Admin Plugin vulnerable to User Enumeration & Email Disclosure
Moderate | CVE-2025-66307 was published for getgrav/grav (Composer) Dec 2, 2025

Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference...
Moderate | Unreviewed | CVE-2025-59116 was published Nov 18, 2025

Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious...
Moderate | Unreviewed | CVE-2025-25236 was published Nov 12, 2025

Trivision NC-227WF firmware 5.80 (build 20141010) login mechanism reveals whether a username...
Moderate | Unreviewed | CVE-2025-56764 was published Sep 29, 2025

D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy...
Moderate | Unreviewed | CVE-2025-34255 was published Oct 16, 2025

D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy...
Moderate | Unreviewed | CVE-2025-34254 was published Oct 16, 2025

The Frontier Airlines website has a publicly available endpoint that validates if an email...
Moderate | Unreviewed | CVE-2025-62236 was published Oct 23, 2025

Tibbo AggreGate Network Manager < 6.40.05 contains an observable response discrepancy in its...
Moderate | Unreviewed | CVE-2025-34155 was published Oct 23, 2025

A vulnerability in SAP Financial Service Claims Management RFC function...
Moderate | Unreviewed | CVE-2025-42903 was published Oct 14, 2025

For failed login attempts, the application returns different error messages depending on whether...
Moderate | Unreviewed | CVE-2025-58586 was published Oct 6, 2025

Shopware 6 allows attackers to check for registered accounts through the store-api
Moderate | CVE-2025-30150 was published for shopware/core (Composer) Apr 8, 2025

Mautic Vulnerable to User Enumeration via Response Timing
Moderate | CVE-2025-9824 was published for mautic/core (Composer) Sep 3, 2025

Silverpeas Core Username Enumeration Vulnerability
Moderate | CVE-2025-46047 was published for org.silverpeas.core:silverpeas-core (Maven) Sep 2, 2025

OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote...
Moderate | Unreviewed | CVE-2025-54834 was published Jul 31, 2025

For failed login attempts, the application returns different error messages depending on whether...
Moderate | Unreviewed | CVE-2025-27451 was published Jul 3, 2025

An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.
High | Unreviewed | CVE-2025-3092 was published Jun 26, 2025

User names used to access the web management interface are limited to the device identifier,...
High | Unreviewed | CVE-2025-5485 was published Jun 12, 2025

For failed login attempts, the application returns different error messages depending on whether...
Moderate | Unreviewed | CVE-2025-49187 was published Jun 12, 2025

IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker...
Moderate | Unreviewed | CVE-2025-0163 was published Jun 11, 2025

Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX...
Moderate | Unreviewed | CVE-2025-3939 was published May 22, 2025

Mautic allows user name enumeration due to response time difference on password reset form
Moderate | CVE-2024-47057 was published for mautic/core (Composer) May 28, 2025

Failed login response could be different depending on whether the username was local or central.
Low | Unreviewed | CVE-2025-48015 was published May 20, 2025

ProTip! Advisories are also available from the GraphQL API