Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,736
Maven
5,000+
npm
4,336
NuGet
764
pip
4,110
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

363 advisories

Loading
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26... High Unreviewed
CVE-2025-43436 was published Nov 4, 2025
"sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. ... Critical Unreviewed
CVE-2024-33610 was published Nov 26, 2024
IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By... Moderate Unreviewed
CVE-2024-51464 was published Dec 21, 2024
Apache Tomcat - Security constraint bypass for pre/post-resources Moderate
CVE-2025-49125 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 16, 2025
An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda... Critical Unreviewed
CVE-2025-27129 was published Aug 20, 2025
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2... High Unreviewed
CVE-2025-32976 was published Jun 26, 2025
It was possible to craft an email that showed a tracking link as an attachment. If the user... High Unreviewed
CVE-2025-3932 was published May 14, 2025
An information disclosure vulnerability exists in the /goform/getproductInfo functionality of... High Unreviewed
CVE-2025-24496 was published Aug 20, 2025
Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API... High Unreviewed
CVE-2025-44957 was published Aug 4, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4,... High Unreviewed
CVE-2025-24095 was published Apr 1, 2025
The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up... Critical Unreviewed
CVE-2025-5397 was published Oct 31, 2025
Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass High
CVE-2025-12466 was published for drupal/simple_oauth (Composer) Oct 30, 2025
An unauthenticated user can connect to a publicly accessible database using arbitrary credentials... Critical Unreviewed
CVE-2025-9313 was published Oct 28, 2025
HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass High
CVE-2025-11621 was published for github.com/hashicorp/vault (Go) Oct 23, 2025
Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass... Moderate Unreviewed
CVE-2025-55338 was published Oct 14, 2025
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and... Moderate Unreviewed
CVE-2025-4427 was published May 13, 2025
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting... High Unreviewed
CVE-2025-24472 was published Feb 11, 2025
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting... Critical Unreviewed
CVE-2024-55591 was published Jan 14, 2025
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions... Critical Unreviewed
CVE-2024-27198 was published Mar 4, 2024
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with... Critical Unreviewed
CVE-2023-46747 was published Oct 26, 2023
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server... Critical Unreviewed
CVE-2023-42793 was published Sep 19, 2023
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA)... Critical Unreviewed
CVE-2023-20269 was published Sep 6, 2023
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote... Critical Unreviewed
CVE-2020-10148 was published May 24, 2022
The affected Raisecom devices allow SSH sessions to be established without completing user... Critical Unreviewed
CVE-2025-11534 was published Oct 21, 2025
Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an... Moderate Unreviewed
CVE-2025-58133 was published Oct 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database