GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,544 advisories
An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7...
High | Unreviewed | CVE-2022-42951 was published Feb 6, 2023

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of...
High | Unreviewed | CVE-2025-30116 was published Mar 18, 2025

The IHwAttestationService interface has a defect in authentication. Successful exploitation of...
High | Unreviewed | CVE-2022-48294 was published Feb 9, 2023

Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker...
High | Unreviewed | CVE-2024-57490 was published Mar 21, 2025

there is a possible permission bypass due to Debug certs being allowlisted. This could lead to...
High | Unreviewed | CVE-2024-29757 was published Apr 5, 2024

Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries
High | CVE-2025-27403 was published for github.com/deislabs/ratify (Go) Mar 11, 2025

A flaw exists in the Windows login flow where an AuthContext token can be exploited for replay...
High | Unreviewed | CVE-2025-2230 was published Mar 13, 2025

A vulnerability in the remote connection complements of the NVDA (Nonvisual Desktop Access) 2024...
High | Unreviewed | CVE-2025-26326 was published Feb 28, 2025

CWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass...
High | Unreviewed | CVE-2025-0813 was published Mar 12, 2025

The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon plugin...
High | Unreviewed | CVE-2024-11087 was published Mar 8, 2025

Improper Authentication in Flask-AppBuilder
High | CVE-2021-41265 was published for Flask-AppBuilder (pip) Dec 9, 2021

Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to...
High | Unreviewed | CVE-2023-37362 was published Jul 20, 2023

Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library
High | GHSA-gmhj-xjfh-cf6m was published for github.com/mohammed90/caddy-ssh (Go) Sep 23, 2022

Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account...
High | Unreviewed | CVE-2025-1723 was published Mar 3, 2025

Mautic vulnerable to Improper Access Control in UI upgrade process
High | CVE-2022-25768 was published for mautic/core (Composer) Sep 18, 2024

A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary...
High | Unreviewed | CVE-2025-1024 was published Feb 19, 2025

In serializePasspointConfiguration of PasspointXmlUtils.java, there is a possible logic error in...
High | Unreviewed | CVE-2023-21027 was published Mar 24, 2023

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to hijack a user's...
High | Unreviewed | CVE-2025-0981 was published Feb 18, 2025

A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits...
High | Unreviewed | CVE-2024-57046 was published Feb 18, 2025

An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate...
High | Unreviewed | CVE-2023-27091 was published Apr 4, 2023

Broken Authentication in Atlassian Connect Express
High | CVE-2021-26073 was published for atlassian-connect-express (npm) May 24, 2022

Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due...
High | Unreviewed | CVE-2023-28727 was published Mar 31, 2023

The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2024-13528 was published Feb 12, 2025

Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal...
High | Unreviewed | CVE-2024-46434 was published Feb 10, 2025