GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,721
Erlang
35
GitHub Actions
29
Go
2,306
Maven
5,000+
npm
3,946
NuGet
711
pip
3,723
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+
197 advisories
Filter by severity
Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a...
Moderate
Unreviewed
CVE-2025-5067
was published
May 27, 2025
The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authentication bypass when an adversary...
Moderate
Unreviewed
CVE-2025-48027
was published
May 15, 2025
Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to...
Moderate
Unreviewed
CVE-2025-3909
was published
May 14, 2025
Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by...
Moderate
Unreviewed
CVE-2025-27695
was published
May 8, 2025
An app could impersonate system notifications. Sensitive notifications now require restricted...
Moderate
Unreviewed
CVE-2025-24091
was published
Apr 30, 2025
OctoPrint Authenticated Reverse Proxy Page Authentication Bypass
Moderate
CVE-2025-32788
was published
for
octoprint
(pip)
Apr 22, 2025
In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system...
Moderate
Unreviewed
CVE-2023-5616
was published
Apr 15, 2025
Authentication Bypass by Spoofing vulnerability in Asgaros Asgaros Forum allows Identity Spoofing...
Moderate
Unreviewed
CVE-2025-32227
was published
Apr 10, 2025
Authentication Bypass by Spoofing vulnerability in Ays Pro Survey Maker allows Identity Spoofing....
Moderate
Unreviewed
CVE-2025-32275
was published
Apr 10, 2025
Spring Security Vulnerable to Authorization Bypass via Security Annotations
Moderate
CVE-2025-22223
was published
for
org.springframework.security:spring-security-core
(Maven)
Mar 24, 2025
Fast-JWT Improperly Validates iss Claims
Moderate
CVE-2025-30144
was published
for
fast-jwt
(npm)
Mar 19, 2025
On IROAD X5 devices, a Bypass of Device Pairing can occur via MAC Address Spoofing. The dashcam's...
Moderate
Unreviewed
CVE-2025-30110
was published
Mar 18, 2025
The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP...
Moderate
Unreviewed
CVE-2024-13685
was published
Mar 4, 2025
Security Update for the OPC UA .NET Standard Stack
Moderate
CVE-2024-42513
was published
for
OPCFoundation.NetStandard.Opc.Ua.Bindings.Https
(NuGet)
Mar 3, 2025
The application or its infrastructure allows for IP address spoofing by providing its own value...
Moderate
Unreviewed
CVE-2025-22271
was published
Feb 28, 2025
Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The...
Moderate
Unreviewed
CVE-2020-6158
was published
Feb 21, 2025
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software...
Moderate
Unreviewed
CVE-2023-51326
was published
Feb 20, 2025
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software...
Moderate
Unreviewed
CVE-2023-51327
was published
Feb 20, 2025
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Night Club Booking...
Moderate
Unreviewed
CVE-2023-51321
was published
Feb 20, 2025
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Shared Asset Booking...
Moderate
Unreviewed
CVE-2023-51323
was published
Feb 20, 2025
Authentication bypass by spoofing issue exists in FileMegane versions above 1.0.0.0 prior to 3.4...
Moderate
Unreviewed
CVE-2025-25055
was published
Feb 18, 2025
Duplicate Advisory: Authentication Bypass by Spoofing in OPC UA .NET Standard Stack
Moderate
GHSA-7wwr-h8cm-9jf7
was published
for
OPCFoundation.NetStandard.Opc.Ua
(NuGet)
Feb 10, 2025
•
withdrawn
A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This...
Moderate
Unreviewed
CVE-2025-1104
was published
Feb 7, 2025
The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1...
Moderate
Unreviewed
CVE-2024-36557
was published
Feb 6, 2025
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing
Moderate
CVE-2024-23953
was published
for
org.apache.hive:hive-llap-common
(Maven)
Jan 28, 2025
ProTip!
Advisories are also available from the
GraphQL API