Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,726
Maven
5,000+
npm
4,331
NuGet
763
pip
4,107
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

102 advisories

Loading
A vulnerability found in IPRateLimit implementation of FileCodeBox up to 2.2 allows remote... High Unreviewed
CVE-2025-51663 was published Nov 19, 2025
The commissioning wizard on the affected devices does not validate if the device is already... Critical Unreviewed
CVE-2025-41733 was published Nov 18, 2025
codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service Critical
CVE-2024-10082 was published for codechecker (pip) Nov 6, 2024
Discookie
Credited to Discookie
MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling High
CVE-2025-47776 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
dregad piru
Credited to dregad and piru
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the... High Unreviewed
CVE-2020-10126 was published May 24, 2022
The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not... Low Unreviewed
CVE-2020-10123 was published May 24, 2022
Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn... Moderate Unreviewed
CVE-2023-4498 was published Sep 6, 2023
The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and... Moderate Unreviewed
CVE-2025-31192 was published Apr 1, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and... Moderate Unreviewed
CVE-2025-30428 was published Apr 1, 2025
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication... Critical Unreviewed
CVE-2022-0547 was published Mar 19, 2022
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by... Critical Unreviewed
CVE-2025-46801 was published May 19, 2025
IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote... Critical Unreviewed
CVE-2025-36386 was published Oct 28, 2025
go-f3 Vulnerable to Cached Justification Verification Bypass Moderate
CVE-2025-59941 was published for github.com/filecoin-project/go-f3 (Go) Sep 29, 2025
lgprbs
Credited to lgprbs
On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases. Low Unreviewed
CVE-2025-62772 was published Oct 22, 2025
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient... Moderate Unreviewed
CVE-2024-37085 was published Jun 25, 2024
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the... Critical Unreviewed
CVE-2025-31161 was published Apr 3, 2025
A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8... Moderate Unreviewed
CVE-2025-56224 was published Oct 20, 2025
An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS... Moderate Unreviewed
CVE-2025-59980 was published Oct 9, 2025
LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset... High Unreviewed
CVE-2025-56132 was published Sep 30, 2025
Improper Authentication vulnerability in Danfoss AKSM8xxA Series.This issue affects Danfoss AK-SM... High Unreviewed
CVE-2025-41450 was published May 8, 2025
RatPanel can perform remote command execution without authorization High
CVE-2025-53534 was published for github.com/tnborg/panel (Go) Aug 4, 2025
LTLTLXEY devhaozi
Credited to LTLTLXEY and devhaozi
Binding authentication bypass vulnerability in the devicemanager module. Impact: Successful... High Unreviewed
CVE-2025-54622 was published Aug 6, 2025
File Browser's password protection of links is bypassable Low
CVE-2025-52996 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig hacdias
Credited to mtausig and hacdias
File Browser’s insecure JWT handling can lead to session replay attacks after logout High
CVE-2025-53826 was published for github.com/filebrowser/filebrowser (Go) Jul 16, 2025
maen08 hacdias
Credited to maen08 and hacdias
Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and... High Unreviewed
CVE-2025-31965 was published Jul 29, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database