Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,483 advisories

Loading
Vulnerability of improper authentication in the Iaware module. Impact: Successful exploitation of... High Unreviewed
CVE-2023-52540 was published Apr 8, 2024
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1... High Unreviewed
CVE-2022-47700 was published Jan 31, 2023
A code execution vulnerability exists in the XiaomiGetApps application product. This... High Unreviewed
CVE-2024-45346 was published Aug 28, 2024
Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint High
CVE-2024-8053 was published for open-webui (pip) Mar 20, 2025
An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7... High Unreviewed
CVE-2022-42951 was published Feb 6, 2023
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of... High Unreviewed
CVE-2025-30116 was published Mar 18, 2025
The IHwAttestationService interface has a defect in authentication. Successful exploitation of... High Unreviewed
CVE-2022-48294 was published Feb 9, 2023
Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker... High Unreviewed
CVE-2024-57490 was published Mar 21, 2025
there is a possible permission bypass due to Debug certs being allowlisted. This could lead to... High Unreviewed
CVE-2024-29757 was published Apr 5, 2024
Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries High
CVE-2025-27403 was published for github.com/deislabs/ratify (Go) Mar 11, 2025
A flaw exists in the Windows login flow where an AuthContext token can be exploited for replay... High Unreviewed
CVE-2025-2230 was published Mar 13, 2025
A vulnerability in the remote connection complements of the NVDA (Nonvisual Desktop Access) 2024... High Unreviewed
CVE-2025-26326 was published Feb 28, 2025
CWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass... High Unreviewed
CVE-2025-0813 was published Mar 12, 2025
Improper Authentication vulnerability in GE Vernova EnerVista UR Setup allows Authentication... High Unreviewed
CVE-2025-27254 was published Mar 10, 2025
The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon plugin... High Unreviewed
CVE-2024-11087 was published Mar 8, 2025
Improper Authentication in Flask-AppBuilder High
CVE-2021-41265 was published for Flask-AppBuilder (pip) Dec 9, 2021
Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to... High Unreviewed
CVE-2023-37362 was published Jul 20, 2023
Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library High
GHSA-gmhj-xjfh-cf6m was published for github.com/mohammed90/caddy-ssh (Go) Sep 23, 2022
Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account... High Unreviewed
CVE-2025-1723 was published Mar 3, 2025
Mautic vulnerable to Improper Access Control in UI upgrade process High
CVE-2022-25768 was published for mautic/core (Composer) Sep 18, 2024
mollux escopecz
patrykgruszka
A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary... High Unreviewed
CVE-2025-1024 was published Feb 19, 2025
In serializePasspointConfiguration of PasspointXmlUtils.java, there is a possible logic error in... High Unreviewed
CVE-2023-21027 was published Mar 24, 2023
djoser Authentication Bypass High
CVE-2024-21543 was published for djoser (pip) Dec 13, 2024
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to hijack a user's... High Unreviewed
CVE-2025-0981 was published Feb 18, 2025
A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits... High Unreviewed
CVE-2024-57046 was published Feb 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database