GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
139 advisories
AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration sibling that survives `d9cdc7024`
Moderate
CVE-2026-45620
was published
for
WWBN/AVideo
(Composer)
May 18, 2026
Lemmy resend-verification endpoint exposes registered email addresses to unauthenticated users
Moderate
GHSA-qxrw-f6fh-34r7
was published
for
lemmy_api
(Rust)
May 6, 2026
Statamic CMS vulnerable to email enumeration via forgot password endpoint
Moderate
CVE-2026-44306
was published
for
statamic/cms
(Composer)
May 6, 2026
AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint
Moderate
CVE-2026-33688
was published
for
wwbn/avideo
(Composer)
Mar 25, 2026
MinIO LDAP login brute-force via user enumeration and missing rate limit
Critical
CVE-2026-33419
was published
for
github.com/minio/minio
(Go)
Mar 20, 2026
Parse Server email verification resend page leaks user existence
Moderate
CVE-2026-33323
was published
for
parse-server
(npm)
Mar 19, 2026
Shopware has user enumeration via distinct error codes on Store API login endpoint
Moderate
CVE-2026-31888
was published
for
shopware/core
(Composer)
Mar 11, 2026
Parse Server vulnerable to user enumeration via email verification endpoint
Moderate
CVE-2026-31901
was published
for
parse-server
(npm)
Mar 11, 2026
NocoDB Vulnerable to User Enumeration via Password Reset Endpoint
Low
CVE-2026-28358
was published
for
nocodb
(npm)
Mar 2, 2026
ProTip!
Advisories are also available from the
GraphQL API