Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,822
Erlang
36
GitHub Actions
32
Go
2,413
Maven
5,000+
npm
4,052
NuGet
723
pip
3,844
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+

470 advisories

Loading
Node-SAML SAML Signature Verification Vulnerability Critical
CVE-2025-54419 was published for @node-saml/node-saml (npm) Jul 28, 2025
ahacker1-securesaml cjbarth
Node-SAML SAML Authentication Bypass Critical
CVE-2025-54369 was published for @node-saml/node-saml (npm) Jul 25, 2025
ahacker1-securesaml cjbarth
Alchemy Non-SMA and Webauthn Account Security Advisory High
GHSA-56r6-ccm5-8hg3 was published for @account-kit/smart-contracts (npm) Jul 21, 2025
carlos-cow
Directus' insufficient permission checks can enable unauthenticated users to manually trigger Flows Moderate
CVE-2025-53889 was published for directus (npm) Jul 15, 2025
licitdev
Salt has minion event bus authorization bypass vulnerability High
CVE-2025-22236 was published for salt (pip) Jun 13, 2025
Salt's salt.auth.pki module does not properly authenticate callers Moderate
CVE-2024-38825 was published for salt (pip) Jun 13, 2025
pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration High
CVE-2025-49146 was published for org.postgresql:postgresql (Maven) Jun 11, 2025
jawj
Erxes Incorrect Access Control vulnerability High
CVE-2024-57190 was published for erxes (npm) Jun 10, 2025
Pekko Management may not properly apply authenticator when Basic Authentication enabled Moderate
CVE-2025-46548 was published for com.lightbend.akka.management:akka-management_2.12 (Maven) Jun 3, 2025
laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions Critical
GHSA-9fwj-9mjf-rhj3 was published for auth0/login (Composer) May 17, 2025
Sideni
Auth0 Wordpress plugin Vulnerable to Brute Force Authentication Tags of CookieStore Sessions Critical
GHSA-2f4r-34m4-3w8q was published for auth0/wordpress (Composer) May 17, 2025
Sideni
Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions Critical
GHSA-9wg9-93h9-j8ch was published for auth0/symfony (Composer) May 17, 2025
Sideni
Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK Critical
CVE-2025-47275 was published for auth0/auth0-php (Composer) May 16, 2025
Sideni kevinroh-okta
Jenkins WSO2 Oauth Plugin Fails to Properly Authenticate User Credentials High
CVE-2025-47889 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 14, 2025
Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling High
CVE-2025-46573 was published for passport-wsfed-saml2 (npm) May 6, 2025
kevinroh-okta
Passport-wsfed-saml2 allows SAML Authentication Bypass via Signature Wrapping Critical
CVE-2025-46572 was published for passport-wsfed-saml2 (npm) May 6, 2025
@cloudflare/workers-oauth-provider PKCE bypass via downgrade attack Moderate
CVE-2025-4144 was published for @cloudflare/workers-oauth-provider (npm) May 1, 2025
Duplicate Advisory: @cloudflare/workers-oauth-provider PKCE bypass via downgrade attack Moderate
GHSA-vh4h-fvqf-q9wv was published for @cloudflare/workers-oauth-provider (npm) May 1, 2025 withdrawn
Keycloak vulnerable to two factor authentication bypass Moderate
CVE-2025-3910 was published for org.keycloak:keycloak-services (Maven) Apr 30, 2025
Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass Moderate
GHSA-fx44-2wx5-5fvp was published for org.keycloak:keycloak-services (Maven) Apr 29, 2025 withdrawn
YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download Critical
CVE-2025-46348 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
pizza-power
Moodle self enrollment available before completing second factor with MFA enabled Moderate
CVE-2025-3634 was published for moodle/moodle (Composer) Apr 25, 2025
Moodle makes some user data available before completing second factor with MFA enabled Moderate
CVE-2025-3627 was published for moodle/moodle (Composer) Apr 25, 2025
NATS Server may fail to authorize certain Jetstream admin APIs Critical
CVE-2025-30215 was published for github.com/nats-io/nats-server/v2 (Go) Apr 15, 2025
zarqman
Joomla CMS Multi-Factor Authentication Bypass High
CVE-2025-25227 was published for joomla/joomla-cms (Composer) Apr 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database