Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,519
Maven
5,000+
npm
4,156
NuGet
736
pip
3,956
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

54 advisories

Loading
HydrAIDE Authentication Bypass Vulnerability Critical
GHSA-qp7j-x725-g67f was published for github.com/hydraide/hydraide (Go) Aug 19, 2025
yyewolf
Official Document Management System developed by 2100 Technology has an Authentication Bypass... Critical Unreviewed
CVE-2025-8853 was published Aug 11, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Critical Unreviewed
CVE-2025-36594 was published Aug 4, 2025
OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion Critical
CVE-2025-54576 was published for github.com/oauth2-proxy/oauth2-proxy/v7 (Go) Jul 30, 2025
jennifer-recurity
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in... Critical Unreviewed
CVE-2025-43245 was published Jul 30, 2025
A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1... Critical Unreviewed
CVE-2025-34063 was published Jul 1, 2025
An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses... Critical Unreviewed
CVE-2023-41591 was published May 29, 2025
An issue in TOTVS Framework (Linha Protheus) 12.1.2310 allows attackers to bypass multi-factor... Critical Unreviewed
CVE-2024-55210 was published Apr 9, 2025
AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication... Critical Unreviewed
CVE-2024-54085 was published Mar 11, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed
CVE-2025-27671 was published Mar 5, 2025
AspNetCore Remote Authenticator for CIE3.0 Allows SAML Response Signature Verification Bypass Critical
CVE-2025-24895 was published for CIE.AspNetCore.Authentication (NuGet) Feb 18, 2025
smaury Paupu
fromVeeko
The AspNetCore Remote Authenticator for SPID Allows SAML Response Signature Verification Bypass Critical
CVE-2025-24894 was published for SPID.AspNetCore.Authentication (NuGet) Feb 18, 2025
smaury Paupu
fromVeeko
Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of... Critical Unreviewed
CVE-2025-1298 was published Feb 14, 2025
The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and... Critical Unreviewed
CVE-2022-3180 was published Feb 12, 2025
Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to... Critical Unreviewed
CVE-2025-21415 was published Jan 30, 2025
The Electronic Official Document Management System from 2100 Technology has an Authentication... Critical Unreviewed
CVE-2024-13061 was published Dec 31, 2024
In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp... Critical Unreviewed
CVE-2024-12108 was published Dec 31, 2024
An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X-Forwarded-For header is... Critical Unreviewed
CVE-2024-54450 was published Dec 27, 2024
Mellium allows Authentication Bypass by Spoofing Critical
CVE-2024-46957 was published for mellium.im/xmpp (Go) Sep 25, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7... Critical Unreviewed
CVE-2024-6678 was published Sep 12, 2024
Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry... Critical Unreviewed
CVE-2024-37082 was published Jul 3, 2024
By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it... Critical Unreviewed
CVE-2024-29006 was published Apr 4, 2024
The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15... Critical Unreviewed
CVE-2024-23674 was published Feb 16, 2024
A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and... Critical Unreviewed
CVE-2023-51350 was published Jan 12, 2024
Windows Kerberos Security Feature Bypass Vulnerability Critical Unreviewed
CVE-2024-20674 was published Jan 9, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database