GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
91 advisories
Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL
Moderate
CVE-2025-62607
was published
for
nautobot-ssot
(pip)
Oct 21, 2025
Authentication bypass in Apache Airflow
Critical
CVE-2020-13927
was published
for
apache-airflow
(pip)
Apr 30, 2021
Better Auth: Unauthenticated API key creation through api-key plugin
Critical
CVE-2025-61928
was published
for
better-auth
(npm)
Oct 9, 2025
Dragonfly doesn't have authentication enabled for some Manager’s endpoints
High
CVE-2025-59345
was published
for
d7y.io/dragonfly/v2
(Go)
Sep 17, 2025
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
Critical
CVE-2025-58434
was published
for
flowise
(npm)
Sep 12, 2025
OpenBao allows cancellation of root rekey and recovery rekey operations without authentication
Moderate
CVE-2025-52894
was published
for
github.com/openbao/openbao
(Go)
Jun 26, 2025
MCP Inspector proxy server lacks authentication between the Inspector client and proxy
Critical
CVE-2025-49596
was published
for
@modelcontextprotocol/inspector
(npm)
Jun 13, 2025
Missing Role Based Access Control for the REST handlers in bleve/http package
Moderate
CVE-2022-31022
was published
for
github.com/blevesearch/bleve
(Go)
Jun 3, 2022
ash_authentication has email link auto-click account confirmation vulnerability
Moderate
CVE-2025-32782
was published
for
ash_authentication
(Erlang)
Apr 14, 2025
Jupyter Server Proxy's Websocket Proxying does not require authentication
Critical
CVE-2024-28179
was published
for
jupyter-server-proxy
(pip)
Mar 20, 2024
ProTip!
Advisories are also available from the
GraphQL API