Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

841 advisories

Loading
An elevation of privilege vulnerability exists when Visual Studio improperly handles pipeline job... Critical Unreviewed
CVE-2025-29813 was published May 9, 2025
Improper Authentication vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows... Critical Unreviewed
CVE-2025-5597 was published Jun 4, 2025
The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a... Critical Unreviewed
CVE-2021-42949 was published Sep 17, 2022
The location module has a vulnerability of bypassing permission verification.Successful... Critical Unreviewed
CVE-2022-39007 was published Sep 17, 2022
The WLAN module has a vulnerability in permission verification. Successful exploitation of this... Critical Unreviewed
CVE-2022-39009 was published Sep 17, 2022
An authentication bypass vulnerability exists in HPE StoreOnce Software. Critical Unreviewed
CVE-2025-37093 was published Jun 2, 2025
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for... Critical Unreviewed
CVE-2022-28321 was published Sep 20, 2022
TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open... Critical Unreviewed
CVE-2022-23126 was published Jan 25, 2022
An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication... Critical Unreviewed
CVE-2024-41198 was published May 22, 2025
An issue in Ocuco Innovation - INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication... Critical Unreviewed
CVE-2024-41197 was published May 22, 2025
An issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass... Critical Unreviewed
CVE-2024-41196 was published May 22, 2025
An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass... Critical Unreviewed
CVE-2024-41195 was published May 22, 2025
An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login... Critical Unreviewed
CVE-2025-44083 was published May 21, 2025
The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the... Critical Unreviewed
CVE-2025-34027 was published May 22, 2025
The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the... Critical Unreviewed
CVE-2025-34026 was published May 22, 2025
A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1... Critical Unreviewed
CVE-2025-4978 was published May 20, 2025
The fingerprint module has service logic errors.Successful exploitation of this vulnerability... Critical Unreviewed
CVE-2022-38982 was published Oct 14, 2022
Sensitive information disclosure in NetScaler Console Critical Unreviewed
CVE-2024-6235 was published Jul 10, 2024
Improper authentication handling was identified in a set of HTTP POST requests affecting the... Critical Unreviewed
CVE-2025-3659 was published May 12, 2025
In Delinea PAM Secret Server 11.4, it is possible for a user (with access to the Report... Critical Unreviewed
CVE-2024-25652 was published Mar 14, 2024
On affected versions of the CloudVision Portal, improper access controls could enable a malicious... Critical Unreviewed
CVE-2024-11186 was published May 8, 2025
In affected versions of Octopus Server where access is managed by an external authentication... Critical Unreviewed
CVE-2022-2572 was published Nov 1, 2022
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows... Critical Unreviewed
CVE-2022-0992 was published Apr 20, 2022
D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control. Critical Unreviewed
CVE-2022-44801 was published Nov 22, 2022
The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500... Critical Unreviewed
CVE-2022-36133 was published Nov 25, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database