Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,851
Erlang
36
GitHub Actions
35
Go
2,481
Maven
5,000+
npm
4,098
NuGet
734
pip
3,914
Pub
12
RubyGems
945
Rust
1,016
Swift
39
Unreviewed advisories
All unreviewed
5,000+

27 advisories

Loading
Binding authentication bypass vulnerability in the devicemanager module. Impact: Successful... High Unreviewed
CVE-2025-54622 was published Aug 6, 2025
RatPanel can perform remote command execution without authorization High
CVE-2025-53534 was published for github.com/tnborg/panel (Go) Aug 4, 2025
LTLTLXEY devhaozi
Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and... High Unreviewed
CVE-2025-31965 was published Jul 29, 2025
File Browser’s insecure JWT handling can lead to session replay attacks after logout High
CVE-2025-53826 was published for github.com/filebrowser/filebrowser (Go) Jul 16, 2025
maen08 hacdias
In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint does not verify the password... High Unreviewed
CVE-2024-12776 was published Mar 20, 2025
A flaw was found in the skupper console, a read-only interface that renders cluster network,... High Unreviewed
CVE-2024-12582 was published Dec 24, 2024
TShock Security Escalation Exploit High
GHSA-hvm9-wc8j-mgrc was published for TShock (NuGet) Dec 18, 2024
sgkoishi THEXN
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege... High Unreviewed
CVE-2024-6637 was published Jul 20, 2024
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with... High Unreviewed
CVE-2023-4727 was published Jun 11, 2024
Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process High
CVE-2024-34077 was published for mantisbt/mantisbt (Composer) May 13, 2024
dregad redna-xela
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an... High Unreviewed
CVE-2024-20378 was published May 1, 2024
In telephony, there is a possible escalation of privilege due to a permissions bypass. This could... High Unreviewed
CVE-2024-20015 was published Feb 5, 2024
Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS... High Unreviewed
CVE-2023-6998 was published Dec 30, 2023
NATS.io: Adding accounts for just the system account adds auth bypass High
CVE-2023-47090 was published for github.com/nats-io/nats-server/v2 (Go) Oct 19, 2023
Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior... High Unreviewed
CVE-2023-4898 was published Sep 12, 2023
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1,... High Unreviewed
CVE-2023-36497 was published Sep 11, 2023
Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS... High Unreviewed
CVE-2023-2959 was published Jul 17, 2023
Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due... High Unreviewed
CVE-2023-28727 was published Mar 31, 2023
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse... High Unreviewed
CVE-2023-27535 was published Mar 30, 2023
rdiffweb vulnerable to Authentication Bypass by Primary Weakness High
CVE-2022-4722 was published for rdiffweb (pip) Dec 27, 2022
Cockpit Content Platform vulnerable to 2FA bypass High
CVE-2022-2818 was published for cockpit-hq/cockpit (Composer) Aug 16, 2022
A vulnerability has been identified in SIMATIC HMI United Comfort Panels (All versions). Affected... High Unreviewed
CVE-2020-15787 was published May 24, 2022
Keycloak Authentication Error High
CVE-2019-14909 was published for org.keycloak:keycloak-parent (Maven) May 24, 2022
Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server High
CVE-2021-21403 was published for github.com/kongchuanhujiao/server (Go) Feb 15, 2022
qianjunakasumi
Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers High
CVE-2020-14359 was published for github.com/keycloak/keycloak-gatekeeper (Go) Feb 9, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database