Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,277 advisories

Loading
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() Moderate
CVE-2022-23540 was published for jsonwebtoken (npm) Dec 22, 2022
An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to... Moderate Unreviewed
CVE-2024-52968 was published Feb 11, 2025
Windows Remote Desktop Configuration Service Tampering Vulnerability Moderate Unreviewed
CVE-2025-21349 was published Feb 11, 2025
Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and... Moderate Unreviewed
CVE-2023-1980 was published Apr 11, 2023
Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows... Moderate Unreviewed
CVE-2024-20856 was published May 7, 2024
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18,... Moderate Unreviewed
CVE-2020-8196 was published May 24, 2022
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18,... Moderate Unreviewed
CVE-2020-8193 was published May 24, 2022
The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing... Moderate Unreviewed
CVE-2022-48314 was published Apr 16, 2023
A vulnerability was found in pam_access due to the improper handling of tokens in access.conf,... Moderate Unreviewed
CVE-2024-10963 was published Nov 7, 2024
When multiple server blocks are configured to share the same IP address and port, an attacker can... Moderate Unreviewed
CVE-2025-23419 was published Feb 5, 2025
If LDAP settings are accessed, authentication could be redirected to another server, potentially... Moderate Unreviewed
CVE-2024-12510 was published Feb 3, 2025
Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly... Moderate Unreviewed
CVE-2024-13309 was published Jan 9, 2025
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or... Moderate Unreviewed
CVE-2020-3952 was published May 24, 2022
API Security bypass through header manipulation Moderate Unreviewed
CVE-2024-55925 was published Jan 23, 2025
An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to... Moderate Unreviewed
CVE-2023-28325 was published May 12, 2023
actionpack Improper Authentication vulnerability Moderate
CVE-2012-3424 was published for actionpack (RubyGems) Oct 24, 2017
ShayAry levpachmanov
** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value... Moderate Unreviewed
CVE-2009-0130 was published May 2, 2022
Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin... Moderate Unreviewed
CVE-2009-3168 was published May 2, 2022
matrix-media-repo (MMR) allows unauthenticated writes to the media repository, which may allow planting of problematic content Moderate
CVE-2024-36402 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
Issue with whitespace in JWT roles in OpenSearch Moderate
CVE-2023-23612 was published for org.opensearch.plugin:opensearch-security (Maven) Jan 24, 2023
binary-1024
Vulnerability of improper authentication in the ANS system service module Impact: Successful... Moderate Unreviewed
CVE-2023-52955 was published Jan 8, 2025
A user with administrator privileges is able to retrieve authentication tokens Moderate Unreviewed
CVE-2024-9133 was published Jan 11, 2025
Instruction authentication bypass vulnerability in the Findnetwork module Impact: Successful... Moderate Unreviewed
CVE-2024-56445 was published Jan 8, 2025
A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan... Moderate Unreviewed
CVE-2024-13111 was published Jan 2, 2025
CWE-287: Improper Authentication vulnerability exists that could cause Denial of access to the... Moderate Unreviewed
CVE-2024-10511 was published Dec 11, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database