Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,483 advisories

Loading
Bypass vulnerability in the device management channel Impact: Successful exploitation of this... High Unreviewed
CVE-2025-48909 was published Jun 6, 2025
In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication... High Unreviewed
CVE-2021-38618 was published May 24, 2022
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses... High Unreviewed
CVE-2022-34908 was published Feb 27, 2023
Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login High
CVE-2025-23389 was published for github.com/rancher/rancher (Go) Feb 27, 2025
AnonySE26
In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, Versions, MiniMed 508 pump ... High Unreviewed
CVE-2019-10964 was published May 24, 2022
Medtronic MyCareLink Smart 25000 all versions contain an authentication protocol vuln where the... High Unreviewed
CVE-2020-25183 was published May 24, 2022
Jenkins WSO2 Oauth Plugin Fails to Properly Authenticate User Credentials High
CVE-2025-47889 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) May 14, 2025
Improper Authentication vulnerability in Danfoss AKSM8xxA Series.This issue affects Danfoss AK-SM... High Unreviewed
CVE-2025-41450 was published May 8, 2025
Liferay Portal and Liferay DXP Fails to Invalidate CAPTCHA Answers After Use High
CVE-2021-29047 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Improper authentication in the firmware for the Intel(R) Slim Bootloader may allow a privileged... High Unreviewed
CVE-2025-20083 was published May 13, 2025
Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling High
CVE-2025-46573 was published for passport-wsfed-saml2 (npm) May 6, 2025
kevinroh-okta
Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper... High Unreviewed
CVE-2025-22477 was published May 6, 2025
BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local... High Unreviewed
CVE-2025-0217 was published May 5, 2025
CKAN contains Improper Authentication leading to account takeover High
CVE-2022-43685 was published for ckan (pip) Nov 22, 2022
Spring Security Does Not Enforce Password Length High
CVE-2025-22228 was published for org.springframework.security:spring-security-crypto (Maven) Mar 20, 2025
ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code... High Unreviewed
CVE-2025-3935 was published Apr 25, 2025
An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4... High Unreviewed
CVE-2022-44037 was published Nov 29, 2022
The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all... High Unreviewed
CVE-2024-11917 was published Apr 25, 2025
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through... High Unreviewed
CVE-2022-46411 was published Dec 4, 2022
Denial of service in Modem module due to improper authorization while error handling in... High Unreviewed
CVE-2022-25685 was published Dec 13, 2022
Vulnerability in Hewlett Packard Enterprise HPE Performance Cluster Manager (HPCM).This issue... High Unreviewed
CVE-2025-27086 was published Apr 21, 2025
Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username:... High Unreviewed
CVE-2020-23935 was published May 24, 2022
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL... High Unreviewed
CVE-2017-16689 was published May 14, 2022
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows... High Unreviewed
CVE-2017-16953 was published May 14, 2022
In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation... High Unreviewed
CVE-2017-0910 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database