Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,782
Erlang
36
GitHub Actions
29
Go
2,347
Maven
5,000+
npm
3,976
NuGet
720
pip
3,774
Pub
12
RubyGems
923
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,287 advisories

Loading
Parse Server has an OAuth login vulnerability Moderate
CVE-2025-30168 was published for parse-server (npm) Mar 21, 2025
tiaod dblythy
mtrezza
In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that... Moderate Unreviewed
CVE-2024-12869 was published Mar 20, 2025
Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore... Moderate Unreviewed
CVE-2025-26475 was published Mar 19, 2025
A vulnerability was found in Keytop 路内停车收费系统 2.7.1. It has been declared as critical. Affected by... Moderate Unreviewed
CVE-2025-2388 was published Mar 17, 2025
A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash... Moderate Unreviewed
CVE-2025-2344 was published Mar 16, 2025
A vulnerability was found in otale Tale Blog 2.0.5. It has been classified as problematic. This... Moderate Unreviewed
CVE-2025-2339 was published Mar 16, 2025
Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover Moderate
CVE-2025-29773 was published for froxlor/froxlor (Composer) Mar 11, 2025
halas98
Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak Moderate
CVE-2025-0604 was published for org.keycloak:keycloak-ldap-federation (Maven) Mar 10, 2025
An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to... Moderate Unreviewed
CVE-2025-25452 was published Mar 6, 2025
An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to... Moderate Unreviewed
CVE-2025-25450 was published Mar 6, 2025
An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a physically proximate... Moderate Unreviewed
CVE-2025-25451 was published Mar 6, 2025
Scanning certain QR codes that included text with a website URL could allow the URL to be opened... Moderate Unreviewed
CVE-2025-27425 was published Mar 4, 2025
MinIO allows an SFTP authentication bypass due to improperly trusted SSH key Moderate
CVE-2025-27414 was published for github.com/minio/minio (Go) Mar 3, 2025
donatello ston1th
While processing the authentication message in UE, improper authentication may lead to... Moderate Unreviewed
CVE-2024-38426 was published Mar 3, 2025
Navidrome allows an authentication bypass in Subsonic API with non-existent username Moderate
CVE-2025-27112 was published for github.com/navidrome/navidrome (Go) Feb 25, 2025
daniele-athome
A flaw in Gliffy results in broken authentication through the reset functionality of the... Moderate Unreviewed
CVE-2024-5174 was published Feb 24, 2025
An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate... Moderate Unreviewed
CVE-2024-54916 was published Feb 12, 2025
Windows Remote Desktop Configuration Service Tampering Vulnerability Moderate Unreviewed
CVE-2025-21349 was published Feb 11, 2025
An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to... Moderate Unreviewed
CVE-2024-52968 was published Feb 11, 2025
Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an... Moderate Unreviewed
CVE-2025-1231 was published Feb 11, 2025
A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This... Moderate Unreviewed
CVE-2025-1104 was published Feb 7, 2025
When multiple server blocks are configured to share the same IP address and port, an attacker can... Moderate Unreviewed
CVE-2025-23419 was published Feb 5, 2025
If LDAP settings are accessed, authentication could be redirected to another server, potentially... Moderate Unreviewed
CVE-2024-12510 was published Feb 3, 2025
API Security bypass through header manipulation Moderate Unreviewed
CVE-2024-55925 was published Jan 23, 2025
Duplicate Advisory: Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak Moderate
GHSA-m3hp-8546-5qmr was published for org.keycloak:keycloak-ldap-federation (Maven) Jan 22, 2025 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database