Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,821
Erlang
36
GitHub Actions
32
Go
2,413
Maven
5,000+
npm
4,052
NuGet
723
pip
3,844
Pub
12
RubyGems
933
Rust
1,004
Swift
38
Unreviewed advisories
All unreviewed
5,000+

52 advisories

Loading
Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges... High Unreviewed
CVE-2025-7326 was published Jul 8, 2025
Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges... Moderate Unreviewed
CVE-2025-47995 was published Jul 18, 2025
The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a... High Unreviewed
CVE-2025-1727 was published Jul 11, 2025
Weak Authentication vulnerability in AresIT WP Compress allows Authentication Abuse. This issue... Moderate Unreviewed
CVE-2025-47479 was published Jul 4, 2025
Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability High
CVE-2025-24070 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) Mar 11, 2025
dwelch2344 udlose
A username and password are required to authenticate to the central SinoTrack device management... High Unreviewed
CVE-2025-5484 was published Jun 12, 2025
An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and... Moderate Unreviewed
CVE-2024-32119 was published Jun 10, 2025
Weak Authentication vulnerability in Drupal Email TFA allows Brute Force.This issue affects Email... High Unreviewed
CVE-2025-31676 was published Apr 1, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17... Moderate Unreviewed
CVE-2025-0605 was published May 22, 2025
Jenkins WSO2 Oauth Plugin Fails to Properly Authenticate User Credentials High
CVE-2025-47889 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 14, 2025
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there... Moderate Unreviewed
CVE-2025-32885 was published May 2, 2025
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The app there... Moderate Unreviewed
CVE-2025-32883 was published May 2, 2025
Weak Authentication vulnerability in Quentn.com GmbH Quentn WP allows Privilege Escalation. This... Critical Unreviewed
CVE-2025-39596 was published Apr 17, 2025
Weak authentication in Windows Active Directory Certificate Services allows an authorized... High Unreviewed
CVE-2025-27740 was published Apr 8, 2025
Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature... Moderate Unreviewed
CVE-2025-26635 was published Apr 8, 2025
A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions),... Critical Unreviewed
CVE-2024-54092 was published Apr 8, 2025
Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes... Moderate Unreviewed
CVE-2024-45551 was published Apr 7, 2025
Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol... Low Unreviewed
CVE-2025-29991 was published Apr 3, 2025
Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in... Critical Unreviewed
CVE-2024-39848 was published Jun 30, 2024
An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass... High Unreviewed
CVE-2024-36787 was published Jun 7, 2024
A vulnerability in the ClearPass Policy Manager web-based management interface allows a low... High Unreviewed
CVE-2025-23058 was published Feb 4, 2025
Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards ... Moderate Unreviewed
CVE-2025-21552 was published Jan 21, 2025
This vulnerability exists in the CAP back office application due to improper authentication check... High Unreviewed
CVE-2025-29994 was published Mar 13, 2025
Hermes improperly validates a JWT High
CVE-2025-1293 was published for github.com/hashicorp-forge/hermes (Go) Feb 20, 2025
Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged... High Unreviewed
CVE-2024-52541 was published Feb 19, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database