Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,732
Erlang
35
GitHub Actions
29
Go
2,310
Maven
5,000+
npm
3,949
NuGet
711
pip
3,728
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

198 advisories

Loading
Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a... Moderate Unreviewed
CVE-2025-5067 was published May 27, 2025
The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authentication bypass when an adversary... Moderate Unreviewed
CVE-2025-48027 was published May 15, 2025
Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to... Moderate Unreviewed
CVE-2025-3909 was published May 14, 2025
Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by... Moderate Unreviewed
CVE-2025-27695 was published May 8, 2025
An app could impersonate system notifications. Sensitive notifications now require restricted... Moderate Unreviewed
CVE-2025-24091 was published Apr 30, 2025
OctoPrint Authenticated Reverse Proxy Page Authentication Bypass Moderate
CVE-2025-32788 was published for octoprint (pip) Apr 22, 2025
jacopotediosi
In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system... Moderate Unreviewed
CVE-2023-5616 was published Apr 15, 2025
Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum allows Identity Spoofing... Moderate Unreviewed
CVE-2025-32227 was published Apr 10, 2025
Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker allows Identity Spoofing.... Moderate Unreviewed
CVE-2025-32275 was published Apr 10, 2025
Spring Security Vulnerable to Authorization Bypass via Security Annotations Moderate
CVE-2025-22223 was published for org.springframework.security:spring-security-core (Maven) Mar 24, 2025
Fast-JWT Improperly Validates iss Claims Moderate
CVE-2025-30144 was published for fast-jwt (npm) Mar 19, 2025
tibrn
On IROAD X5 devices, a Bypass of Device Pairing can occur via MAC Address Spoofing. The dashcam's... Moderate Unreviewed
CVE-2025-30110 was published Mar 18, 2025
The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP... Moderate Unreviewed
CVE-2024-13685 was published Mar 4, 2025
Security Update for the OPC UA .NET Standard Stack Moderate
CVE-2024-42513 was published for OPCFoundation.NetStandard.Opc.Ua.Bindings.Https (NuGet) Mar 3, 2025
TomTervoort
The application or its infrastructure allows for IP address spoofing by providing its own value... Moderate Unreviewed
CVE-2025-22271 was published Feb 28, 2025
Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The... Moderate Unreviewed
CVE-2020-6158 was published Feb 21, 2025
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software... Moderate Unreviewed
CVE-2023-51326 was published Feb 20, 2025
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software... Moderate Unreviewed
CVE-2023-51327 was published Feb 20, 2025
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Shared Asset Booking... Moderate Unreviewed
CVE-2023-51323 was published Feb 20, 2025
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Night Club Booking... Moderate Unreviewed
CVE-2023-51321 was published Feb 20, 2025
Authentication bypass by spoofing issue exists in FileMegane versions above 1.0.0.0 prior to 3.4... Moderate Unreviewed
CVE-2025-25055 was published Feb 18, 2025
Duplicate Advisory: Authentication Bypass by Spoofing in OPC UA .NET Standard Stack Moderate
GHSA-7wwr-h8cm-9jf7 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Feb 10, 2025 withdrawn
A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This... Moderate Unreviewed
CVE-2025-1104 was published Feb 7, 2025
The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1... Moderate Unreviewed
CVE-2024-36557 was published Feb 6, 2025
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing Moderate
CVE-2024-23953 was published for org.apache.hive:hive-llap-common (Maven) Jan 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database