Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,826
Erlang
36
GitHub Actions
32
Go
2,426
Maven
5,000+
npm
4,058
NuGet
723
pip
3,848
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,507 advisories

Loading
Improper authentication in the firmware for the Intel(R) Slim Bootloader may allow a privileged... High Unreviewed
CVE-2025-20083 was published May 13, 2025
Improper Authentication vulnerability in Danfoss AKSM8xxA Series.This issue affects Danfoss AK-SM... High Unreviewed
CVE-2025-41450 was published May 8, 2025
Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling High
CVE-2025-46573 was published for passport-wsfed-saml2 (npm) May 6, 2025
kevinroh-okta
Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper... High Unreviewed
CVE-2025-22477 was published May 6, 2025
BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local... High Unreviewed
CVE-2025-0217 was published May 5, 2025
ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code... High Unreviewed
CVE-2025-3935 was published Apr 25, 2025
The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all... High Unreviewed
CVE-2024-11917 was published Apr 25, 2025
Vulnerability in Hewlett Packard Enterprise HPE Performance Cluster Manager (HPCM).This issue... High Unreviewed
CVE-2025-27086 was published Apr 21, 2025
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper... High Unreviewed
CVE-2025-30287 was published Apr 8, 2025
Joomla CMS Multi-Factor Authentication Bypass High
CVE-2025-25227 was published for joomla/joomla-cms (Composer) Apr 8, 2025
Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker... High Unreviewed
CVE-2024-57490 was published Mar 21, 2025
Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint High
CVE-2024-8053 was published for open-webui (pip) Mar 20, 2025
Spring Security Does Not Enforce Password Length High
CVE-2025-22228 was published for org.springframework.security:spring-security-crypto (Maven) Mar 20, 2025
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of... High Unreviewed
CVE-2025-30116 was published Mar 18, 2025
A flaw exists in the Windows login flow where an AuthContext token can be exploited for replay... High Unreviewed
CVE-2025-2230 was published Mar 13, 2025
CWE-287: Improper Authentication vulnerability exists that could cause an Authentication Bypass... High Unreviewed
CVE-2025-0813 was published Mar 12, 2025
Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries High
CVE-2025-27403 was published for github.com/deislabs/ratify (Go) Mar 11, 2025
Improper Authentication vulnerability in GE Vernova EnerVista UR Setup allows Authentication... High Unreviewed
CVE-2025-27254 was published Mar 10, 2025
The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon plugin... High Unreviewed
CVE-2024-11087 was published Mar 8, 2025
Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account... High Unreviewed
CVE-2025-1723 was published Mar 3, 2025
A vulnerability in the remote connection complements of the NVDA (Nonvisual Desktop Access) 2024... High Unreviewed
CVE-2025-26326 was published Feb 28, 2025
Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login High
CVE-2025-23389 was published for github.com/rancher/rancher (Go) Feb 27, 2025
AnonySE26
A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary... High Unreviewed
CVE-2025-1024 was published Feb 19, 2025
A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits... High Unreviewed
CVE-2024-57046 was published Feb 18, 2025
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to hijack a user's... High Unreviewed
CVE-2025-0981 was published Feb 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database