Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,736
Maven
5,000+
npm
4,336
NuGet
764
pip
4,110
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

363 advisories

Loading
Filament multi-factor authentication (app) recovery codes can be used multiple times High
CVE-2025-67507 was published for filament/filament (Composer) Dec 9, 2025
JaZo danharrin
Credited to JaZo and danharrin
mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users... Moderate Unreviewed
CVE-2025-66200 was published Dec 5, 2025
DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user... High Unreviewed
CVE-2025-66238 was published Dec 5, 2025
The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all... Critical Unreviewed
CVE-2025-13539 was published Nov 27, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability... Critical Unreviewed
CVE-2025-10571 was published Nov 20, 2025
The Itel DAB MUX (IDMUX build c041640a) is vulnerable to Authentication Bypass due to improper... Critical Unreviewed
CVE-2025-63217 was published Nov 19, 2025
Drupal Email TFA allows Functionality Bypass Moderate
CVE-2025-12760 was published for drupal/email_tfa (Composer) Nov 18, 2025
@apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields High
CVE-2025-64530 was published for @apollo/composition (npm) Nov 14, 2025
An authentication bypass vulnerability has been identified in certain DSL series routers, may... Critical Unreviewed
CVE-2025-59367 was published Nov 13, 2025
An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to... Critical Unreviewed
CVE-2025-64281 was published Nov 12, 2025
Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145,... Moderate Unreviewed
CVE-2025-13013 was published Nov 11, 2025
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145 and... High Unreviewed
CVE-2025-13018 was published Nov 11, 2025
Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who... Moderate Unreviewed
CVE-2025-12445 was published Nov 10, 2025
Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an... Moderate Unreviewed
CVE-2025-12431 was published Nov 10, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in Elated-Themes Search &... Critical Unreviewed
CVE-2025-62064 was published Nov 6, 2025
On Elspec G5 devices through 1.2.2.19, a person with physical access to the device can reset the... Moderate Unreviewed
CVE-2025-59392 was published Nov 6, 2025
Apollo Router Affected by an Access Control Bypass on Polymorphic Types High
CVE-2025-64173 was published for apollo-router (Rust) Nov 6, 2025
dariuszkuc
Credited to dariuszkuc
The issue was addressed by adding additional logic. This issue is fixed in iOS 26.1 and iPadOS 26... Moderate Unreviewed
CVE-2025-43422 was published Nov 4, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26... High Unreviewed
CVE-2025-43436 was published Nov 4, 2025
The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up... Critical Unreviewed
CVE-2025-5397 was published Oct 31, 2025
Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass High
CVE-2025-12466 was published for drupal/simple_oauth (Composer) Oct 30, 2025
An unauthenticated user can connect to a publicly accessible database using arbitrary credentials... Critical Unreviewed
CVE-2025-9313 was published Oct 28, 2025
HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass High
CVE-2025-11621 was published for github.com/hashicorp/vault (Go) Oct 23, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iulia Cazan Emails... High Unreviewed
CVE-2025-60041 was published Oct 22, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in quantumcloud Simple... Moderate Unreviewed
CVE-2025-49901 was published Oct 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database