Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,081
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

35 advisories

Loading
The commissioning wizard on the affected devices does not validate if the device is already... Critical Unreviewed
CVE-2025-41733 was published Nov 18, 2025
IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote... Critical Unreviewed
CVE-2025-36386 was published Oct 28, 2025
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by... Critical Unreviewed
CVE-2025-46801 was published May 19, 2025
OPKSSH Vulnerable to Authentication Bypass Critical
CVE-2025-4658 was published for github.com/openpubkey/opkssh (Go) May 13, 2025
EthanHeilman
Credited to EthanHeilman
OpenPubkey Vulnerable to Authentication Bypass Critical
CVE-2025-3757 was published for github.com/openpubkey/openpubkey (Go) May 13, 2025
EthanHeilman
Credited to EthanHeilman
KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured... Critical Unreviewed
CVE-2025-24522 was published May 2, 2025
KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a... Critical Unreviewed
CVE-2025-32011 was published May 2, 2025
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the... Critical Unreviewed
CVE-2025-31161 was published Apr 3, 2025
SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling... Critical Unreviewed
CVE-2024-12802 was published Jan 9, 2025
A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all... Critical Unreviewed
CVE-2021-26102 was published Dec 19, 2024
A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an... Critical Unreviewed
CVE-2023-20154 was published Nov 15, 2024
codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service Critical
CVE-2024-10082 was published for codechecker (pip) Nov 6, 2024
Discookie
Credited to Discookie
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless... Critical Unreviewed
CVE-2024-50478 was published Oct 28, 2024
The vulnerability allows attackers access to the root account without having to authenticate.... Critical Unreviewed
CVE-2023-41920 was published Jul 2, 2024
MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function Critical Unreviewed
CVE-2024-36388 was published Jun 2, 2024
Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote... Critical Unreviewed
CVE-2024-3847 was published Apr 17, 2024
Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows... Critical Unreviewed
CVE-2023-6153 was published Mar 27, 2024
Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication... Critical Unreviewed
CVE-2024-1202 was published Mar 21, 2024
Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security... Critical Unreviewed
CVE-2023-7103 was published Mar 5, 2024
In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all... Critical Unreviewed
CVE-2024-1403 was published Feb 27, 2024
Windows Kerberos Security Feature Bypass Vulnerability Critical Unreviewed
CVE-2024-20674 was published Jan 9, 2024
ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an... Critical Unreviewed
CVE-2023-1935 was published Aug 3, 2023
SonicWall GMS and Analytics CAS Web Services application use static values for authentication... Critical Unreviewed
CVE-2023-34137 was published Jul 13, 2023
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks,... Critical Unreviewed
CVE-2023-34124 was published Jul 13, 2023
Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router... Critical Unreviewed
CVE-2023-1833 was published Apr 14, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database