GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
108 advisories
Authentication bypass in Apache Airflow
Critical
CVE-2020-13927
was published
for
apache-airflow
(pip)
Apr 30, 2021
PrestaShop Checkout allows customer account takeover via email
Critical
CVE-2025-61922
was published
for
prestashop/ps_checkout
(Composer)
Oct 16, 2025
Node-SAML SAML Signature Verification Vulnerability
Critical
CVE-2025-54419
was published
for
@node-saml/node-saml
(npm)
Jul 28, 2025
Node-SAML SAML Authentication Bypass
Critical
CVE-2025-54369
was published
for
@node-saml/node-saml
(npm)
Jul 25, 2025
Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK
Critical
CVE-2025-47275
was published
for
auth0/auth0-php
(Composer)
May 16, 2025
laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Critical
GHSA-9fwj-9mjf-rhj3
was published
for
auth0/login
(Composer)
May 17, 2025
Auth0 Wordpress plugin Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Critical
GHSA-2f4r-34m4-3w8q
was published
for
auth0/wordpress
(Composer)
May 17, 2025
Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
Critical
GHSA-9wg9-93h9-j8ch
was published
for
auth0/symfony
(Composer)
May 17, 2025
YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download
Critical
CVE-2025-46348
was published
for
yeswiki/yeswiki
(Composer)
Apr 29, 2025
NATS Server may fail to authorize certain Jetstream admin APIs
Critical
CVE-2025-30215
was published
for
github.com/nats-io/nats-server/v2
(Go)
Apr 15, 2025
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
Critical
CVE-2022-47408
was published
for
fixpunkt/fp-newsletter
(Composer)
Dec 14, 2022
Sentry's improper authentication on SAML SSO process allows user impersonation
Critical
CVE-2025-22146
was published
for
sentry
(pip)
Jan 15, 2025
AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
Critical
CVE-2024-53990
was published
for
org.asynchttpclient:async-http-client
(Maven)
Dec 2, 2024
CasaOS contains weak JWT secrets
Critical
CVE-2023-37266
was published
for
github.com/IceWhaleTech/CasaOS
(Go)
Jul 17, 2023
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
Critical
CVE-2024-47533
was published
for
cobbler
(pip)
Nov 18, 2024
ProTip!
Advisories are also available from the
GraphQL API