GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,966 advisories
KubeVirt's Improper TLS Certificate Management Handling Allows API Identity Spoofing
Moderate
CVE-2025-64434
was published
for
kubevirt.io/kubevirt
(Go)
Nov 6, 2025
Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions
Low
GHSA-wmjr-v86c-m9jj
was published
for
better-auth
(npm)
Nov 26, 2025
KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
Moderate
CVE-2025-64432
was published
for
kubevirt.io/kubevirt
(Go)
Nov 6, 2025
Flowise has Authentication Bypass Using Unprotected Registration Endpoint (/register)
High
GHSA-v5w9-prxf-w882
was published
for
flowise
(npm)
Nov 17, 2025
Memos' Access Tokens Stay Valid after User Password Change
High
CVE-2024-21635
was published
for
github.com/usememos/memos
(Go)
Nov 14, 2025
ZITADEL is vulnerable to Account Takeover with deactivated Instance IdP
High
CVE-2025-64717
was published
for
github.com/zitadel/zitadel
(Go)
Nov 14, 2025
Pekko Management may not properly apply authenticator when Basic Authentication is enabled
Moderate
CVE-2025-46548
was published
for
com.lightbend.akka.management:akka-management_2.12
(Maven)
Jun 3, 2025
sudo-rs doesn't record authenticating user properly in timestamp
Moderate
CVE-2025-64517
was published
for
sudo-rs
(Rust)
Nov 13, 2025
pimcore/admin-ui-classic-bundle Unverified Password Change
Moderate
CVE-2023-5844
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Oct 31, 2023
ProTip!
Advisories are also available from the
GraphQL API