GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
101 advisories
Grav Admin Plugin vulnerable to User Enumeration & Email Disclosure
Moderate: CVE-2025-66307 was published for getgrav/grav (Composer) Dec 2, 2025

Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference...
Moderate (Unreviewed): CVE-2025-59116 was published Nov 18, 2025

Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious...
Moderate (Unreviewed): CVE-2025-25236 was published Nov 12, 2025

The Frontier Airlines website has a publicly available endpoint that validates if an email...
Moderate (Unreviewed): CVE-2025-62236 was published Oct 23, 2025

Tibbo AggreGate Network Manager < 6.40.05 contains an observable response discrepancy in its...
Moderate (Unreviewed): CVE-2025-34155 was published Oct 23, 2025

D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy...
Moderate (Unreviewed): CVE-2025-34255 was published Oct 16, 2025

D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy...
Moderate (Unreviewed): CVE-2025-34254 was published Oct 16, 2025

A vulnerability in SAP Financial Service Claims Management RFC function...
Moderate (Unreviewed): CVE-2025-42903 was published Oct 14, 2025

For failed login attempts, the application returns different error messages depending on whether...
Moderate (Unreviewed): CVE-2025-58586 was published Oct 6, 2025

Trivision NC-227WF firmware 5.80 (build 20141010) login mechanism reveals whether a username...
Moderate (Unreviewed): CVE-2025-56764 was published Sep 29, 2025

Mautic Vulnerable to User Enumeration via Response Timing
Moderate: CVE-2025-9824 was published for mautic/core (Composer) Sep 3, 2025

Silverpeas Core Username Enumeration Vulnerability
Moderate: CVE-2025-46047 was published for org.silverpeas.core:silverpeas-core (Maven) Sep 2, 2025

OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote...
Moderate (Unreviewed): CVE-2025-54834 was published Jul 31, 2025

For failed login attempts, the application returns different error messages depending on whether...
Moderate (Unreviewed): CVE-2025-27451 was published Jul 3, 2025

An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.
High (Unreviewed): CVE-2025-3092 was published Jun 26, 2025

User names used to access the web management interface are limited to the device identifier,...
High (Unreviewed): CVE-2025-5485 was published Jun 12, 2025

For failed login attempts, the application returns different error messages depending on whether...
Moderate (Unreviewed): CVE-2025-49187 was published Jun 12, 2025

IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker...
Moderate (Unreviewed): CVE-2025-0163 was published Jun 11, 2025

Mautic allows user name enumeration due to response time difference on password reset form
Moderate: CVE-2024-47057 was published for mautic/core (Composer) May 28, 2025

Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX...
Moderate (Unreviewed): CVE-2025-3939 was published May 22, 2025

Failed login response could be different depending on whether the username was local or central.
Low (Unreviewed): CVE-2025-48015 was published May 20, 2025

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All...
Moderate (Unreviewed): CVE-2024-51447 was published May 13, 2025

Umbraco Makes User Enumeration Feasible Based on Timing of Login Response
Moderate: CVE-2025-46736 was published for Umbraco.Cms (NuGet) May 6, 2025

A vulnerability in the login functionality of the web application of ctrlX OS allows a remote...
Moderate (Unreviewed): CVE-2025-24342 was published Apr 30, 2025