Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,767
Maven
5,000+
npm
4,374
NuGet
770
pip
4,148
Pub
12
RubyGems
963
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

106 advisories

Loading
Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration. This... Moderate Unreviewed
CVE-2025-62181 was published Dec 10, 2025
IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that... Moderate Unreviewed
CVE-2021-47717 was published Dec 9, 2025
A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected... Moderate Unreviewed
CVE-2025-40806 was published Dec 9, 2025
Kalmia CMS version 0.2.0 contains a user enumeration vulnerability in its authentication... Moderate Unreviewed
CVE-2025-65899 was published Dec 5, 2025
Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for... Moderate Unreviewed
CVE-2025-12994 was published Dec 4, 2025
Grav Admin Plugin vulnerable to User Enumeration & Email Disclosure Moderate
CVE-2025-66307 was published for getgrav/grav (Composer) Dec 2, 2025
m3ez
Credited to m3ez
Windu CMS is vulnerable to User Enumeration. This issue occurs during logon, where a difference... Moderate Unreviewed
CVE-2025-59116 was published Nov 18, 2025
Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious... Moderate Unreviewed
CVE-2025-25236 was published Nov 12, 2025
The Frontier Airlines website has a publicly available endpoint that validates if an email... Moderate Unreviewed
CVE-2025-62236 was published Oct 23, 2025
Tibbo AggreGate Network Manager < 6.40.05 contains an observable response discrepancy in its... Moderate Unreviewed
CVE-2025-34155 was published Oct 23, 2025
D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy... Moderate Unreviewed
CVE-2025-34255 was published Oct 16, 2025
D-Link Nuclias Connect firmware versions <= 1.3.1.4 contain an observable response discrepancy... Moderate Unreviewed
CVE-2025-34254 was published Oct 16, 2025
A vulnerability in SAP Financial Service Claims Management RFC function... Moderate Unreviewed
CVE-2025-42903 was published Oct 14, 2025
For failed login attempts, the application returns different error messages depending on whether... Moderate Unreviewed
CVE-2025-58586 was published Oct 6, 2025
Trivision NC-227WF firmware 5.80 (build 20141010) login mechanism reveals whether a username... Moderate Unreviewed
CVE-2025-56764 was published Sep 29, 2025
Mautic Vulnerable to User Enumeration via Response Timing Moderate
CVE-2025-9824 was published for mautic/core (Composer) Sep 3, 2025
Vautia kuzmany
Credited to Vautia and kuzmany
Silverpeas Core Username Enumeration Vulnerability Moderate
CVE-2025-46047 was published for org.silverpeas.core:silverpeas-core (Maven) Sep 2, 2025
CWE-204: Observable Response Discrepancy High Unreviewed
CVE-2025-46390 was published Aug 6, 2025
OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote... Moderate Unreviewed
CVE-2025-54834 was published Jul 31, 2025
For failed login attempts, the application returns different error messages depending on whether... Moderate Unreviewed
CVE-2025-27451 was published Jul 3, 2025
An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint. High Unreviewed
CVE-2025-3092 was published Jun 26, 2025
User names used to access the web management interface are limited to the device identifier,... High Unreviewed
CVE-2025-5485 was published Jun 12, 2025
For failed login attempts, the application returns different error messages depending on whether... Moderate Unreviewed
CVE-2025-49187 was published Jun 12, 2025
IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker... Moderate Unreviewed
CVE-2025-0163 was published Jun 11, 2025
Mautic allows user name enumeration due to response time difference on password reset form Moderate
CVE-2024-47057 was published for mautic/core (Composer) May 28, 2025
patrykgruszka nick-vanpraet
Credited to patrykgruszka and nick-vanpraet
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database