GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,763
Composer 4,750
Erlang 35
GitHub Actions 29
Go 2,323
Maven 5,608
npm 3,956
NuGet 712
pip 3,739
Pub 12
RubyGems 921
Rust 973
Swift 38

Unreviewed advisories

All unreviewed 258,249

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

62 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by... Critical Unreviewed

CVE-2025-46801 was published May 19, 2025

SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass... Moderate Unreviewed

CVE-2025-46750 was published May 12, 2025

KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a... Critical Unreviewed

CVE-2025-32011 was published May 2, 2025

KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured... Critical Unreviewed

CVE-2025-24522 was published May 2, 2025

CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the... Critical Unreviewed

CVE-2025-31161 was published Apr 3, 2025

The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and... Moderate Unreviewed

CVE-2025-31192 was published Apr 1, 2025

This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and... Moderate Unreviewed

CVE-2025-30428 was published Apr 1, 2025

In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint does not verify the password... High Unreviewed

CVE-2024-12776 was published Mar 20, 2025

In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0... Moderate Unreviewed

CVE-2025-27371 was published Mar 3, 2025

OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations.... Moderate Unreviewed

CVE-2025-27370 was published Mar 3, 2025

WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling... Moderate Unreviewed

CVE-2025-23017 was published Feb 24, 2025

ZF Roll Stability Support Plus (RSSPlus) is vulnerable to an authentication bypass vulnerability... Moderate Unreviewed

CVE-2024-12054 was published Feb 14, 2025

SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling... Critical Unreviewed

CVE-2024-12802 was published Jan 9, 2025

Authentication Bypass by Primary Weakness vulnerability in yourownprogrammer YOP Poll allows... Moderate Unreviewed

CVE-2023-46611 was published Jan 2, 2025

Huawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful... Moderate Unreviewed

CVE-2022-48470 was published Dec 28, 2024

A flaw was found in the skupper console, a read-only interface that renders cluster network,... High Unreviewed

CVE-2024-12582 was published Dec 24, 2024

A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all... Critical Unreviewed

CVE-2021-26102 was published Dec 19, 2024

A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an... Critical Unreviewed

CVE-2023-20154 was published Nov 15, 2024

Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless... Critical Unreviewed

CVE-2024-50478 was published Oct 28, 2024

A vulnerability was found in Quay, which allows successful authentication even when a truncated... Moderate Unreviewed

CVE-2024-9683 was published Oct 17, 2024

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone... Moderate Unreviewed

CVE-2024-20463 was published Oct 16, 2024

This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs... Moderate Unreviewed

CVE-2024-5957 was published Sep 5, 2024

This vulnerability allows unauthenticated remote attackers to bypass authentication and gain... Moderate Unreviewed

CVE-2024-5956 was published Sep 5, 2024

An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1... Moderate Unreviewed

CVE-2024-4784 was published Aug 8, 2024

The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege... High Unreviewed

CVE-2024-6637 was published Jul 20, 2024

Previous 1 2 3 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

62 advisories