Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,855
Erlang
36
GitHub Actions
36
Go
2,481
Maven
5,000+
npm
4,102
NuGet
734
pip
3,916
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

450 advisories

Loading
Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects... High Unreviewed
CVE-2024-7125 was published Aug 27, 2024
A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version... High Unreviewed
CVE-2024-47574 was published Nov 13, 2024
Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint High
CVE-2022-34321 was published for org.apache.pulsar:pulsar-proxy (Maven) Mar 12, 2024
oscerd
A file handling command vulnerability in certain versions of Armoury Crate may result in... High Unreviewed
CVE-2024-12957 was published Jan 23, 2025
An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to... High Unreviewed
CVE-2024-45276 was published Oct 15, 2024
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to... High Unreviewed
CVE-2024-9861 was published Oct 17, 2024
In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow... High Unreviewed
CVE-2023-31444 was published Apr 28, 2023
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The... High Unreviewed
CVE-2024-37368 was published Jun 14, 2024
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web... High Unreviewed
CVE-2025-21515 was published Jan 21, 2025
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative... High Unreviewed
CVE-2022-24990 was published Feb 7, 2023
A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle... High Unreviewed
CVE-2024-7516 was published Nov 12, 2024
The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an... High Unreviewed
CVE-2024-2860 was published May 8, 2024
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote... High Unreviewed
CVE-2019-9082 was published May 13, 2022
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in... High Unreviewed
CVE-2024-6635 was published Jul 20, 2024
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free... High Unreviewed
CVE-2025-26362 was published Feb 12, 2025
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free... High Unreviewed
CVE-2025-26365 was published Feb 12, 2025
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free... High Unreviewed
CVE-2025-26364 was published Feb 12, 2025
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free... High Unreviewed
CVE-2025-26363 was published Feb 12, 2025
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free... High Unreviewed
CVE-2025-26366 was published Feb 12, 2025
Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to... High Unreviewed
CVE-2025-21355 was published Feb 20, 2025
An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated... High Unreviewed
CVE-2025-0108 was published Feb 12, 2025
Duplicate Advisory: Mautic has insufficient authentication in upgrade flow High
GHSA-5hc5-fxr9-5frc was published for mautic/core (Composer) Sep 19, 2024 withdrawn
Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular... High Unreviewed
CVE-2024-31525 was published Mar 5, 2025
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... High Unreviewed
CVE-2023-22101 was published Oct 18, 2023
The Login Me Now plugin for WordPress is vulnerable to authentication bypass in versions up to,... High Unreviewed
CVE-2025-1717 was published Feb 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database