GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
98 advisories

Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions
Low | GHSA-wmjr-v86c-m9jj was published for better-auth (npm) Nov 26, 2025

The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not...
Low | Unreviewed | CVE-2020-10123 was published May 24, 2022

An authentication issue was addressed with improved state management. This issue is fixed in...
Low | Unreviewed | CVE-2024-40778 was published Jul 30, 2024

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest...
Low | Unreviewed | CVE-2023-20867 was published Jun 13, 2023

Improper authentication in Windows SMB Client allows an unauthorized attacker to perform...
Low | Unreviewed | CVE-2025-59280 was published Oct 14, 2025

An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication...
Low | Unreviewed | CVE-2025-0672 was published Sep 23, 2025

PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023...
Low | Unreviewed | CVE-2023-21466 was published Sep 8, 2025

Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows...
Low | Unreviewed | CVE-2023-21471 was published Sep 5, 2025

HCL IEM is affected by an improper invalidation of access or JWT token vulnerability. A token...
Low | Unreviewed | CVE-2025-0249 was published Jul 25, 2025

A vulnerability classified as problematic has been found in 70mai 1S up to 20250611. This affects...
Low | Unreviewed | CVE-2025-6524 was published Jun 23, 2025

Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion...
Low | Unreviewed | CVE-2024-38822 was published Jun 13, 2025

In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior,...
Low | Unreviewed | CVE-2020-14477 was published May 24, 2022

Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote...
Low | Unreviewed | CVE-2022-45433 was published Dec 27, 2022

The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39,...
Low | Unreviewed | CVE-2015-2047 was published May 17, 2022

Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD...
Low | Unreviewed | CVE-2022-45430 was published Dec 27, 2022

lxd has a restricted TLS certificate privilege escalation when in PKI mode
Low | CVE-2024-6219 was published for github.com/canonical/lxd (Go) Dec 9, 2024

A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been classified as...
Low | Unreviewed | CVE-2025-1880 was published Mar 3, 2025

There is an insufficient authentication vulnerability in some Huawei smart phone. An...
Low | Unreviewed | CVE-2020-9250 was published Dec 20, 2024

An authentication issue was addressed with improved state management. This issue is fixed in...
Low | Unreviewed | CVE-2024-27867 was published Jun 26, 2024

Keycloak vulnerable to impersonation via logout token exchange
Low | CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024

Symfony's `Security::login` does not take into account custom `user_checker`
Low | CVE-2024-50341 was published for symfony/security-bundle (Composer) Nov 6, 2024

gitsign may use incorrect Rekor entries during verification
Low | CVE-2024-51746 was published for github.com/sigstore/gitsign (Go) Nov 5, 2024

Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs
Low | CVE-2024-49755 was published for Duende.IdentityServer (NuGet) Oct 28, 2024

SaltStack Salt Improper Authentication via Man in the Middle Attack
Low | CVE-2022-22935 was published for salt (pip) Mar 30, 2022