Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,690
Maven
5,000+
npm
4,320
NuGet
760
pip
4,096
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

32 advisories

Loading
A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8... Moderate Unreviewed
CVE-2025-56224 was published Oct 20, 2025
An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS... Moderate Unreviewed
CVE-2025-59980 was published Oct 9, 2025
go-f3 Vulnerable to Cached Justification Verification Bypass Moderate
CVE-2025-59941 was published for github.com/filecoin-project/go-f3 (Go) Sep 29, 2025
lgprbs
Credited to lgprbs
Authentication vulnerability in the distributed collaboration framework module Impact: Successful... Moderate Unreviewed
CVE-2025-53167 was published Jul 7, 2025
SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass... Moderate Unreviewed
CVE-2025-46750 was published May 12, 2025
The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and... Moderate Unreviewed
CVE-2025-31192 was published Apr 1, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and... Moderate Unreviewed
CVE-2025-30428 was published Apr 1, 2025
Security Update for the OPC UA .NET Standard Stack Moderate
CVE-2024-42513 was published for OPCFoundation.NetStandard.Opc.Ua.Bindings.Https (NuGet) Mar 3, 2025
TomTervoort
Credited to TomTervoort
In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0... Moderate Unreviewed
CVE-2025-27371 was published Mar 3, 2025
OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations.... Moderate Unreviewed
CVE-2025-27370 was published Mar 3, 2025
WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling... Moderate Unreviewed
CVE-2025-23017 was published Feb 24, 2025
ZF Roll Stability Support Plus (RSSPlus) is vulnerable to an authentication bypass vulnerability... Moderate Unreviewed
CVE-2024-12054 was published Feb 14, 2025
Duplicate Advisory: Authentication Bypass by Spoofing in OPC UA .NET Standard Stack Moderate
GHSA-7wwr-h8cm-9jf7 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Feb 10, 2025 withdrawn
Authentication Bypass by Primary Weakness vulnerability in yourownprogrammer YOP Poll allows... Moderate Unreviewed
CVE-2023-46611 was published Jan 2, 2025
Huawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful... Moderate Unreviewed
CVE-2022-48470 was published Dec 28, 2024
A vulnerability was found in Quay, which allows successful authentication even when a truncated... Moderate Unreviewed
CVE-2024-9683 was published Oct 17, 2024
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone... Moderate Unreviewed
CVE-2024-20463 was published Oct 16, 2024
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs... Moderate Unreviewed
CVE-2024-5957 was published Sep 5, 2024
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain... Moderate Unreviewed
CVE-2024-5956 was published Sep 5, 2024
An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1... Moderate Unreviewed
CVE-2024-4784 was published Aug 8, 2024
Navidrome uses MD5 hashing algorithm Moderate
CVE-2024-41259 was published for github.com/navidrome/navidrome (Go) Aug 1, 2024
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to... Moderate Unreviewed
CVE-2024-38433 was published Jul 11, 2024
PrivateBin allows shortening of URLs for other domains Moderate
CVE-2024-39899 was published for privatebin/privatebin (Composer) Jul 10, 2024
nbxiglk0
Credited to nbxiglk0
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient... Moderate Unreviewed
CVE-2024-37085 was published Jun 25, 2024
The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and... Moderate Unreviewed
CVE-2023-4939 was published Oct 21, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database