Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,747
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

28 advisories

Loading
SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass... Moderate Unreviewed
CVE-2025-46750 was published May 12, 2025
The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and... Moderate Unreviewed
CVE-2025-31192 was published Apr 1, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and... Moderate Unreviewed
CVE-2025-30428 was published Apr 1, 2025
Security Update for the OPC UA .NET Standard Stack Moderate
CVE-2024-42513 was published for OPCFoundation.NetStandard.Opc.Ua.Bindings.Https (NuGet) Mar 3, 2025
TomTervoort
In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0... Moderate Unreviewed
CVE-2025-27371 was published Mar 3, 2025
OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations.... Moderate Unreviewed
CVE-2025-27370 was published Mar 3, 2025
WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling... Moderate Unreviewed
CVE-2025-23017 was published Feb 24, 2025
ZF Roll Stability Support Plus (RSSPlus) is vulnerable to an authentication bypass vulnerability... Moderate Unreviewed
CVE-2024-12054 was published Feb 14, 2025
Duplicate Advisory: Authentication Bypass by Spoofing in OPC UA .NET Standard Stack Moderate
GHSA-7wwr-h8cm-9jf7 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Feb 10, 2025 withdrawn
Authentication Bypass by Primary Weakness vulnerability in yourownprogrammer YOP Poll allows... Moderate Unreviewed
CVE-2023-46611 was published Jan 2, 2025
Huawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful... Moderate Unreviewed
CVE-2022-48470 was published Dec 28, 2024
A vulnerability was found in Quay, which allows successful authentication even when a truncated... Moderate Unreviewed
CVE-2024-9683 was published Oct 17, 2024
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone... Moderate Unreviewed
CVE-2024-20463 was published Oct 16, 2024
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs... Moderate Unreviewed
CVE-2024-5957 was published Sep 5, 2024
This vulnerability allows unauthenticated remote attackers to bypass authentication and gain... Moderate Unreviewed
CVE-2024-5956 was published Sep 5, 2024
An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1... Moderate Unreviewed
CVE-2024-4784 was published Aug 8, 2024
Navidrome uses MD5 hashing algorithm Moderate
CVE-2024-41259 was published for github.com/navidrome/navidrome (Go) Aug 1, 2024
Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to... Moderate Unreviewed
CVE-2024-38433 was published Jul 11, 2024
PrivateBin allows shortening of URLs for other domains Moderate
CVE-2024-39899 was published for privatebin/privatebin (Composer) Jul 10, 2024
nbxiglk0
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient... Moderate Unreviewed
CVE-2024-37085 was published Jun 25, 2024
The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and... Moderate Unreviewed
CVE-2023-4939 was published Oct 21, 2023
Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn... Moderate Unreviewed
CVE-2023-4498 was published Sep 6, 2023
Dapr API token authentication bypass in HTTP endpoints Moderate
CVE-2023-37918 was published for github.com/dapr/dapr (Go) Jul 21, 2023
ItalyPaleAle
An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could... Moderate Unreviewed
CVE-2023-28126 was published May 10, 2023
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID... Moderate Unreviewed
CVE-2022-40723 was published Apr 25, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database