GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
133 advisories
Lemmy resend-verification endpoint exposes registered email addresses to unauthenticated users
Moderate
GHSA-qxrw-f6fh-34r7
was published
for
lemmy_api
(Rust)
May 6, 2026
Statamic CMS vulnerable to email enumeration via forgot password endpoint
Moderate
CVE-2026-44306
was published
for
statamic/cms
(Composer)
May 6, 2026
AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint
Moderate
CVE-2026-33688
was published
for
wwbn/avideo
(Composer)
Mar 25, 2026
MinIO LDAP login brute-force via user enumeration and missing rate limit
Critical
CVE-2026-33419
was published
for
github.com/minio/minio
(Go)
Mar 20, 2026
Parse Server email verification resend page leaks user existence
Moderate
CVE-2026-33323
was published
for
parse-server
(npm)
Mar 19, 2026
Shopware has user enumeration via distinct error codes on Store API login endpoint
Moderate
CVE-2026-31888
was published
for
shopware/core
(Composer)
Mar 11, 2026
Parse Server vulnerable to user enumeration via email verification endpoint
Moderate
CVE-2026-31901
was published
for
parse-server
(npm)
Mar 11, 2026
NocoDB Vulnerable to User Enumeration via Password Reset Endpoint
Low
CVE-2026-28358
was published
for
nocodb
(npm)
Mar 2, 2026
Rucio WebUI has Username Enumeration via Login Error Message
Moderate
CVE-2026-25138
was published
for
rucio-webui
(pip)
Feb 25, 2026
Static Web Server affected by timing-based username enumeration in Basic Authentication due to early response on invalid usernames
Moderate
CVE-2026-27480
was published
for
static-web-server
(Rust)
Feb 20, 2026
CI4MS Vulnerable to User Email Enumeration via Password Reset Flow
Moderate
CVE-2026-25509
was published
for
ci4-cms-erp/ci4ms
(Composer)
Feb 2, 2026
ProTip!
Advisories are also available from the
GraphQL API