GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
991 advisories
MallChat v1.0-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this...
Critical | Unreviewed | CVE-2024-50645 was published Aug 22, 2025

An issue in Roadcute API v.1 allows a remote attacker to execute arbitrary code via the...
Critical | Unreviewed | CVE-2025-52395 was published Aug 21, 2025

jeewx-boot 1.3 has an authentication bypass vulnerability in the preHandle function
Critical | Unreviewed | CVE-2024-50640 was published Aug 20, 2025

JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains incorrect authentication...
Critical | Unreviewed | CVE-2025-50901 was published Aug 20, 2025

In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific...
Critical | Unreviewed | CVE-2025-51451 was published Aug 13, 2025

Node-SAML SAML Signature Verification Vulnerability
Critical | CVE-2025-54419 was published for @node-saml/node-saml (npm) Jul 28, 2025

Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if...
Critical | Unreviewed | CVE-2024-1039 was published Feb 2, 2024

An issue in the OTP mechanism of Chavara Family Welfare Centre Chavara Matrimony Site v2.0 allows...
Critical | Unreviewed | CVE-2025-45777 was published Jul 25, 2025

Node-SAML SAML Authentication Bypass
Critical | CVE-2025-54369 was published for @node-saml/node-saml (npm) Jul 25, 2025

Cryptographic issue occurs due to use of insecure connection method while downloading.
Critical | Unreviewed | CVE-2025-21450 was published Jul 8, 2025

Due to insufficient verification, an attacker could use a malicious client to bypass...
Critical | Unreviewed | CVE-2024-6107 was published Jul 21, 2025

An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions...
Critical | Unreviewed | CVE-2025-52376 was published Jul 15, 2025

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a...
Critical | Unreviewed | CVE-2025-32877 was published Jun 20, 2025

A cookie encryption bypass vulnerability exists in Google Chrome’s AppBound mechanism due to weak...
Critical | Unreviewed | CVE-2025-34092 was published Jul 2, 2025

Improper Authentication vulnerability in Apache Solr
Critical | CVE-2024-45216 was published for org.apache.solr:solr (Maven) Oct 16, 2024

An unauthorized access vulnerability exists in the Xiaomi Mi Connect Service APP. The...
Critical | Unreviewed | CVE-2024-45347 was published Jun 23, 2025

An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing...
Critical | Unreviewed | CVE-2025-32875 was published Jun 20, 2025

Permission vulnerability in the mobile application (com.afmobi.boomplayer) may lead to the risk...
Critical | Unreviewed | CVE-2025-6172 was published Jun 16, 2025

A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon...
Critical | Unreviewed | CVE-2020-7533 was published May 24, 2022

An elevation of privilege vulnerability exists when Visual Studio improperly handles pipeline job...
Critical | Unreviewed | CVE-2025-29813 was published May 9, 2025

Improper Authentication vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows...
Critical | Unreviewed | CVE-2025-5597 was published Jun 4, 2025

The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a...
Critical | Unreviewed | CVE-2021-42949 was published Sep 17, 2022

The location module has a vulnerability of bypassing permission verification. Successful...
Critical | Unreviewed | CVE-2022-39007 was published Sep 17, 2022

The WLAN module has a vulnerability in permission verification. Successful exploitation of this...
Critical | Unreviewed | CVE-2022-39009 was published Sep 17, 2022

An authentication bypass vulnerability exists in HPE StoreOnce Software.
Critical | Unreviewed | CVE-2025-37093 was published Jun 2, 2025