Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,383
Erlang
33
GitHub Actions
22
Go
2,141
Maven
5,000+
npm
3,803
NuGet
687
pip
3,479
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,639 advisories

Loading
In serializePasspointConfiguration of PasspointXmlUtils.java, there is a possible logic error in... High Unreviewed
CVE-2023-21027 was published Mar 24, 2023
Navidrome allows an authentication bypass in Subsonic API with non-existent username Moderate
CVE-2025-27112 was published for github.com/navidrome/navidrome (Go) Feb 25, 2025
daniele-athome
A flaw in Gliffy results in broken authentication through the reset functionality of the... Moderate Unreviewed
CVE-2024-5174 was published Feb 24, 2025
djoser Authentication Bypass High
CVE-2024-21543 was published for djoser (pip) Dec 13, 2024
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to hijack a user's... High Unreviewed
CVE-2025-0981 was published Feb 18, 2025
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version... Critical Unreviewed
CVE-2022-40684 was published Oct 18, 2022
A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits... High Unreviewed
CVE-2024-57046 was published Feb 18, 2025
A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits... Critical Unreviewed
CVE-2024-57045 was published Feb 18, 2025
A vulnerability in the TP-Link WR840N v6 router with firmware version 0.9.1 4.16 and earlier... Critical Unreviewed
CVE-2024-57050 was published Feb 18, 2025
A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier... Critical Unreviewed
CVE-2024-57049 was published Feb 18, 2025
The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 (and... Critical Unreviewed
CVE-2022-41545 was published Feb 18, 2025
A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary... High Unreviewed
CVE-2025-1024 was published Feb 19, 2025
Authentication bypass for viewing and deletions of snapshots High
CVE-2021-39226 was published for github.com/grafana/grafana (Go) Oct 5, 2021
theblackturtle
Account Takeover in Octobercms High
CVE-2021-32648 was published for october/system (Composer) Aug 30, 2021
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5... Critical Unreviewed
CVE-2023-28503 was published Mar 29, 2023
Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of... Critical Unreviewed
CVE-2025-1298 was published Feb 14, 2025
An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate... High Unreviewed
CVE-2023-27091 was published Apr 4, 2023
Apache DolphinScheduler's python gateway suffered from improper authentication Moderate
CVE-2023-25601 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Apr 20, 2023
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() Moderate
CVE-2022-23540 was published for jsonwebtoken (npm) Dec 22, 2022
The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks,... Critical Unreviewed
CVE-2023-34124 was published Jul 13, 2023
Broken Authentication in Atlassian Connect Express High
CVE-2021-26073 was published for atlassian-connect-express (npm) May 24, 2022
An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate... Moderate Unreviewed
CVE-2024-54916 was published Feb 12, 2025
Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due... High Unreviewed
CVE-2023-28727 was published Mar 31, 2023
The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to... High Unreviewed
CVE-2024-13528 was published Feb 12, 2025
Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows... Critical Unreviewed
CVE-2025-1044 was published Feb 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database