Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,746
Erlang
35
GitHub Actions
29
Go
2,319
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
920
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

159 advisories

Loading
Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote... Moderate Unreviewed
CVE-2025-48012 was published May 21, 2025
Tiiwee X1 Alarm System TWX1HAKV2 allows Authentication Bypass by Capture-replay, leading to... High Unreviewed
CVE-2025-30072 was published May 19, 2025
Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal... Moderate Unreviewed
CVE-2025-47706 was published May 14, 2025
ZITADEL Allows IdP Intent Token Reuse High
CVE-2025-46815 was published for github.com/zitadel/zitadel (Go) May 6, 2025
cfx livio-a
fforootd
A replay attack vulnerability was discovered in a Zigbee smart home kit manufactured by Ksix ... Critical Unreviewed
CVE-2021-27289 was published Apr 15, 2025
Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028... High Unreviewed
CVE-2024-12137 was published Mar 19, 2025
SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This... High Unreviewed
CVE-2025-1887 was published Mar 7, 2025
Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote... Critical Unreviewed
CVE-2025-26201 was published Feb 24, 2025
The login mechanism via device authentication of CGFIDO from Changing Information Technology has... High Unreviewed
CVE-2024-12839 was published Dec 31, 2024
Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay... Moderate Unreviewed
CVE-2024-52534 was published Dec 25, 2024
Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by... High Unreviewed
CVE-2024-49595 was published Nov 26, 2024
In the development options section of the Settings app, there is a possible authentication bypass... High Unreviewed
CVE-2018-9477 was published Nov 20, 2024
Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against... Low Unreviewed
CVE-2024-36250 was published Nov 9, 2024
A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which... High Unreviewed
CVE-2024-40715 was published Nov 7, 2024
There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service... High Unreviewed
CVE-2024-22066 was published Oct 29, 2024
IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay. High Unreviewed
CVE-2024-46041 was published Oct 7, 2024
An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack... Moderate Unreviewed
CVE-2024-39081 was published Sep 18, 2024
The session hijacking attack targets the application layer's control mechanism, which manages... High Unreviewed
CVE-2024-43099 was published Sep 13, 2024
OPA for Windows has an SMB force-authentication vulnerability Moderate
CVE-2024-8260 was published for github.com/open-policy-agent/opa (Go) Aug 30, 2024
An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the... High Unreviewed
CVE-2024-3982 was published Aug 27, 2024
Hyperledger Fabric does not verify request has a timestamp within the expected time window Moderate
CVE-2024-45244 was published for github.com/hyperledger/fabric (Go) Aug 25, 2024
An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and... High Unreviewed
CVE-2024-38890 was published Aug 2, 2024
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed. Moderate Unreviewed
CVE-2024-5249 was published Jul 30, 2024
D-Link - CWE-294: Authentication Bypass by Capture-replay Critical Unreviewed
CVE-2024-38438 was published Jul 21, 2024
Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypass via a Capture-Replay... Moderate Unreviewed
CVE-2024-37016 was published Jul 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database