GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
476 advisories
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing...
Critical
Unreviewed
CVE-2025-53072 was published Oct 21, 2025
Authentication bypass in Apache Airflow
Critical
CVE-2020-13927 was published for apache-airflow (pip) Apr 30, 2021
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST...
Critical
Unreviewed
CVE-2025-61757 was published Oct 21, 2025
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of...
Critical
Unreviewed
CVE-2025-53037 was published Oct 21, 2025
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication...
Critical
Unreviewed
CVE-2024-8956 was published Sep 17, 2024
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server...
Critical
Unreviewed
CVE-2023-42793 was published Sep 19, 2023
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with...
Critical
Unreviewed
CVE-2023-46747 was published Oct 26, 2023
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An...
Critical
Unreviewed
CVE-2023-28461 was published Mar 16, 2023
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and...
Critical
Unreviewed
CVE-2021-44077 was published Nov 30, 2021
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability....
Critical
Unreviewed
CVE-2024-11680 was published Nov 26, 2024
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows...
Critical
Unreviewed
CVE-2024-51567 was published Oct 30, 2024
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated...
Critical
Unreviewed
CVE-2024-0012 was published Nov 18, 2024
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through...
Critical
Unreviewed
CVE-2024-47575 was published Oct 23, 2024
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an...
Critical
Unreviewed
CVE-2024-5910 was published Jul 10, 2024
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote...
Critical
Unreviewed
CVE-2020-10148 was published May 24, 2022
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version...
Critical
Unreviewed
CVE-2022-40684 was published Oct 18, 2022
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business...
Critical
Unreviewed
CVE-2022-21587 was published Oct 19, 2022
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x...
Critical
Unreviewed
CVE-2022-1388 was published May 6, 2022
Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).
Critical
Unreviewed
CVE-2022-26501 was published Mar 18, 2022
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business...
Critical
Unreviewed
CVE-2022-26143 was published Mar 11, 2022
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive,...
Critical
Unreviewed
CVE-2022-23227 was published Jan 15, 2022
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component:...
Critical
Unreviewed
CVE-2021-35587 was published Jan 20, 2022
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that...
Critical
Unreviewed
CVE-2021-37415 was published May 24, 2022
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication...
Critical
Unreviewed
CVE-2020-6207 was published May 24, 2022
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does...
Critical
Unreviewed
CVE-2010-5326 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.