Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,731
Erlang
35
GitHub Actions
29
Go
2,308
Maven
5,000+
npm
3,949
NuGet
711
pip
3,727
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

940 advisories

Loading
An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass... Critical Unreviewed
CVE-2024-41195 was published May 22, 2025
An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication... Critical Unreviewed
CVE-2024-41198 was published May 22, 2025
An issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass... Critical Unreviewed
CVE-2024-41196 was published May 22, 2025
An issue in Ocuco Innovation - INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication... Critical Unreviewed
CVE-2024-41197 was published May 22, 2025
The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the... Critical Unreviewed
CVE-2025-34026 was published May 22, 2025
The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the... Critical Unreviewed
CVE-2025-34027 was published May 22, 2025
An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login... Critical Unreviewed
CVE-2025-44083 was published May 21, 2025
A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1... Critical Unreviewed
CVE-2025-4978 was published May 20, 2025
laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions Critical
GHSA-9fwj-9mjf-rhj3 was published for auth0/login (Composer) May 17, 2025
Sideni
Auth0 Wordpress plugin Vulnerable to Brute Force Authentication Tags of CookieStore Sessions Critical
GHSA-2f4r-34m4-3w8q was published for auth0/wordpress (Composer) May 17, 2025
Sideni
Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions Critical
GHSA-9wg9-93h9-j8ch was published for auth0/symfony (Composer) May 17, 2025
Sideni
Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK Critical
CVE-2025-47275 was published for auth0/auth0-php (Composer) May 16, 2025
Sideni kevinroh-okta
Improper authentication handling was identified in a set of HTTP POST requests affecting the... Critical Unreviewed
CVE-2025-3659 was published May 12, 2025
On affected versions of the CloudVision Portal, improper access controls could enable a malicious... Critical Unreviewed
CVE-2024-11186 was published May 8, 2025
Passport-wsfed-saml2 allows SAML Authentication Bypass via Signature Wrapping Critical
CVE-2025-46572 was published for passport-wsfed-saml2 (npm) May 6, 2025
YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download Critical
CVE-2025-46348 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
pizza-power
An issue in Student Study Center Desk Management System v1.0 allows attackers to bypass... Critical Unreviewed
CVE-2023-44752 was published Apr 22, 2025
NATS Server may fail to authorize certain Jetstream admin APIs Critical
CVE-2025-30215 was published for github.com/nats-io/nats-server/v2 (Go) Apr 15, 2025
zarqman
An authentication bypass vulnerability was found in Videx's CyberAudit-Web. Through the... Critical Unreviewed
CVE-2025-22375 was published Apr 10, 2025
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper... Critical Unreviewed
CVE-2025-30282 was published Apr 8, 2025
This issue was addressed through improved state management. This issue is fixed in visionOS 2.4,... Critical Unreviewed
CVE-2025-30430 was published Apr 1, 2025
Vulnerability in Hewlett Packard Enterprise HPE Insight Cluster Management Utility (CMU).This... Critical Unreviewed
CVE-2024-13804 was published Mar 31, 2025
CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability... Critical Unreviewed
CVE-2025-2825 was published Mar 26, 2025
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the... Critical Unreviewed
CVE-2025-2746 was published Mar 24, 2025
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the... Critical Unreviewed
CVE-2025-2747 was published Mar 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database