GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,776
Composer 5,036
Erlang 39
GitHub Actions 38
Go 2,680
Maven 6,124
npm 4,308
NuGet 760
pip 4,081
Pub 12
RubyGems 958
Rust 1,061
Swift 45

Unreviewed advisories

All unreviewed 278,333

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

45 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication... Critical Unreviewed

CVE-2023-30803 was published Oct 10, 2023

An attacker could take over a Looker account in a Looker instance configured with OIDC... Critical Unreviewed

CVE-2025-12414 was published Nov 20, 2025

Authentication Bypass by Spoofing vulnerability in Saad Iqbal All In One Login change-wp-admin... Critical Unreviewed

CVE-2025-58595 was published Nov 6, 2025

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in... Critical Unreviewed

CVE-2025-43245 was published Jul 30, 2025

AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication... Critical Unreviewed

CVE-2024-54085 was published Mar 11, 2025

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of... Critical Unreviewed

CVE-2022-24112 was published Feb 12, 2022

In the case of instances where the SAML SSO authentication is enabled (non-default), session data... Critical Unreviewed

CVE-2022-23131 was published Jan 14, 2022

Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of... Critical Unreviewed

CVE-2025-1298 was published Feb 14, 2025

Official Document Management System developed by 2100 Technology has an Authentication Bypass... Critical Unreviewed

CVE-2025-8853 was published Aug 11, 2025

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Critical Unreviewed

CVE-2025-36594 was published Aug 4, 2025

A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1... Critical Unreviewed

CVE-2025-34063 was published Jul 1, 2025

A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and... Critical Unreviewed

CVE-2023-51350 was published Jan 12, 2024

An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses... Critical Unreviewed

CVE-2023-41591 was published May 29, 2025

An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running... Critical Unreviewed

CVE-2017-14003 was published May 13, 2022

An issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows attackers to bypass multi-factor... Critical Unreviewed

CVE-2024-55210 was published Apr 9, 2025

A vulnerability in the web-based management interface of Cisco Small Business RV042 Series... Critical Unreviewed

CVE-2023-20025 was published Jan 20, 2023

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed

CVE-2025-27671 was published Mar 5, 2025

The control component has a spoofing vulnerability. Successful exploitation of this vulnerability... Critical Unreviewed

CVE-2022-48349 was published Mar 28, 2023

Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote... Critical Unreviewed

CVE-2023-31424 was published Aug 31, 2023

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and... Critical Unreviewed

CVE-2022-3180 was published Feb 12, 2025

Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to... Critical Unreviewed

CVE-2025-21415 was published Jan 30, 2025

By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it... Critical Unreviewed

CVE-2024-29006 was published Apr 4, 2024

The Electronic Official Document Management System from 2100 Technology has an Authentication... Critical Unreviewed

CVE-2024-13061 was published Dec 31, 2024

In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp... Critical Unreviewed

CVE-2024-12108 was published Dec 31, 2024

An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X-Forwarded-For header is... Critical Unreviewed

CVE-2024-54450 was published Dec 27, 2024

Previous12 Next

Previous 1 2 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

45 advisories