GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,406
Composer 4,950
Erlang 39
GitHub Actions 38
Go 2,605
Maven 6,057
npm 4,250
NuGet 756
pip 4,016
Pub 12
RubyGems 953
Rust 1,049
Swift 45

Unreviewed advisories

All unreviewed 275,131

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

56 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged... High Unreviewed

CVE-2024-52541 was published Feb 19, 2025

Hermes improperly validates a JWT High

CVE-2025-1293 was published for github.com/hashicorp-forge/hermes (Go) Feb 20, 2025

This vulnerability exists in the CAP back office application due to improper authentication check... High Unreviewed

CVE-2025-29994 was published Mar 13, 2025

Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards ... Moderate Unreviewed

CVE-2025-21552 was published Jan 21, 2025

A vulnerability in the ClearPass Policy Manager web-based management interface allows a low... High Unreviewed

CVE-2025-23058 was published Feb 4, 2025

An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass... High Unreviewed

CVE-2024-36787 was published Jun 7, 2024

Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in... Critical Unreviewed

CVE-2024-39848 was published Jun 30, 2024

Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol... Low Unreviewed

CVE-2025-29991 was published Apr 3, 2025

Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes... Moderate Unreviewed

CVE-2024-45551 was published Apr 7, 2025

A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions),... Critical Unreviewed

CVE-2024-54092 was published Apr 8, 2025

Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature... Moderate Unreviewed

CVE-2025-26635 was published Apr 8, 2025

Weak authentication in Windows Active Directory Certificate Services allows an authorized... High Unreviewed

CVE-2025-27740 was published Apr 8, 2025

Weak Authentication vulnerability in Quentn.com GmbH Quentn WP allows Privilege Escalation. This... Critical Unreviewed

CVE-2025-39596 was published Apr 17, 2025

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The app there... Moderate Unreviewed

CVE-2025-32883 was published May 2, 2025

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there... Moderate Unreviewed

CVE-2025-32885 was published May 2, 2025

Jenkins WSO2 Oauth Plugin Fails to Properly Authenticate User Credentials High

CVE-2025-47889 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 14, 2025

An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17... Moderate Unreviewed

CVE-2025-0605 was published May 22, 2025

Weak Authentication vulnerability in Drupal Email TFA allows Brute Force.This issue affects Email... High Unreviewed

CVE-2025-31676 was published Apr 1, 2025

An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and... Moderate Unreviewed

CVE-2024-32119 was published Jun 10, 2025

A username and password are required to authenticate to the central SinoTrack device management... High Unreviewed

CVE-2025-5484 was published Jun 12, 2025

Weak Authentication vulnerability in AresIT WP Compress allows Authentication Abuse. This issue... Moderate Unreviewed

CVE-2025-47479 was published Jul 4, 2025

The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a... High Unreviewed

CVE-2025-1727 was published Jul 11, 2025

Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges... Moderate Unreviewed

CVE-2025-47995 was published Jul 18, 2025

Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges... High Unreviewed

CVE-2025-7326 was published Jul 8, 2025

Weak authentication in Windows Installer allows an authorized attacker to elevate privileges... High Unreviewed

CVE-2025-50173 was published Aug 12, 2025

Previous 123 Next

Previous 1 2 3 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

56 advisories