Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

74 advisories

Loading
Tiiwee X1 Alarm System TWX1HAKV2 allows Authentication Bypass by Capture-replay, leading to... High Unreviewed
CVE-2025-30072 was published May 19, 2025
In affected versions of Octopus Server it is possible to use the Git Connectivity test function... High Unreviewed
CVE-2022-2780 was published Oct 14, 2022
ZITADEL Allows IdP Intent Token Reuse High
CVE-2025-46815 was published for github.com/zitadel/zitadel (Go) May 6, 2025
cfx livio-a
fforootd
The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this... High Unreviewed
CVE-2022-44555 was published Nov 10, 2022
Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level... High Unreviewed
CVE-2017-6823 was published May 13, 2022
A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which... High Unreviewed
CVE-2024-40715 was published Nov 7, 2024
Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028... High Unreviewed
CVE-2024-12137 was published Mar 19, 2025
SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This... High Unreviewed
CVE-2025-1887 was published Mar 7, 2025
The login mechanism via device authentication of CGFIDO from Changing Information Technology has... High Unreviewed
CVE-2024-12839 was published Dec 31, 2024
In the development options section of the Settings app, there is a possible authentication bypass... High Unreviewed
CVE-2018-9477 was published Nov 20, 2024
Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by... High Unreviewed
CVE-2024-49595 was published Nov 26, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass High
CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) Jun 12, 2024
Eventyret iarce-qb
derrickmehaffy Convly innerdvations alexandrebodin
There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service... High Unreviewed
CVE-2024-22066 was published Oct 29, 2024
Authentication Bypass by Capture-replay in Apache Spark High
CVE-2021-38296 was published for org.apache.spark:spark-core (Maven) Mar 11, 2022
AlmogApiiro
SaltStack Salt Authentication Bypass by Capture-replay High
CVE-2022-22936 was published for salt (pip) Mar 30, 2022
Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation High
CVE-2023-41890 was published for Kentor.AuthServices (NuGet) Sep 20, 2023
c53robin
IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay. High Unreviewed
CVE-2024-46041 was published Oct 7, 2024
There exists a vulnerability in Quickshare/Nearby where an attacker can bypass the accept file... High Unreviewed
CVE-2024-38272 was published Jun 26, 2024
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise... High Unreviewed
CVE-2024-29851 was published May 23, 2024
django-mfa2 vulnerable to MFA Replay attack High
CVE-2022-42731 was published for django-mfa2 (pip) Oct 11, 2022
The session hijacking attack targets the application layer's control mechanism, which manages... High Unreviewed
CVE-2024-43099 was published Sep 13, 2024
softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has... High Unreviewed
CVE-2023-0035 was published Jan 9, 2023
platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an... High Unreviewed
CVE-2023-0036 was published Jan 9, 2023
An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the... High Unreviewed
CVE-2024-3982 was published Aug 27, 2024
An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and... High Unreviewed
CVE-2024-38890 was published Aug 2, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database