GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
112 advisories
DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user...
High | Unreviewed | CVE-2025-66238 was published Dec 5, 2025
Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145 and...
High | Unreviewed | CVE-2025-13018 was published Nov 11, 2025
@apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields
High | CVE-2025-64530 was published for @apollo/composition (npm) Nov 14, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iulia Cazan Emails...
High | Unreviewed | CVE-2025-60041 was published Oct 22, 2025
Apollo Router Affected by an Access Control Bypass on Polymorphic Types
High | CVE-2025-64173 was published for apollo-router (Rust) Nov 6, 2025
Apache Kylin Authentication Bypass Vulnerability
High | CVE-2025-61733 was published for org.apache.kylin:kylin (Maven) Oct 2, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26...
High | Unreviewed | CVE-2025-43436 was published Nov 4, 2025
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2...
High | Unreviewed | CVE-2025-32976 was published Jun 26, 2025
It was possible to craft an email that showed a tracking link as an attachment. If the user...
High | Unreviewed | CVE-2025-3932 was published May 14, 2025
An information disclosure vulnerability exists in the /goform/getproductInfo functionality of...
High | Unreviewed | CVE-2025-24496 was published Aug 20, 2025
Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API...
High | Unreviewed | CVE-2025-44957 was published Aug 4, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4,...
High | Unreviewed | CVE-2025-24095 was published Apr 1, 2025
Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass
High | CVE-2025-12466 was published for drupal/simple_oauth (Composer) Oct 30, 2025
HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass
High | CVE-2025-11621 was published for github.com/hashicorp/vault (Go) Oct 23, 2025
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting...
High | Unreviewed | CVE-2025-24472 was published Feb 11, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator...
High | Unreviewed | CVE-2025-8093 was published Oct 11, 2025
An unauthenticated debug port may allow access to the device file system.
High | Unreviewed | CVE-2025-10653 was published Oct 2, 2025
An authentication bypass vulnerability exists in LG Innotek camera models LND7210 and LNV7210R....
High | Unreviewed | CVE-2025-10538 was published Oct 1, 2025
The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient...
High | Unreviewed | CVE-2025-7038 was published Sep 30, 2025
The Service Finder SMS System plugin for WordPress is vulnerable to authentication bypass in all...
High | Unreviewed | CVE-2025-5955 was published Sep 19, 2025
The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially...
High | Unreviewed | CVE-2023-49564 was published Sep 18, 2025
An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows...
High | Unreviewed | CVE-2025-34520 was published Aug 28, 2025
An authentication issue was addressed with improved state management. This issue is fixed in...
High | Unreviewed | CVE-2025-24206 was published Apr 29, 2025
The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to...
High | Unreviewed | CVE-2025-5060 was published Aug 23, 2025
Improper Control of Generation of Code ('Code Injection') vulnerability in ABB ASPECT. This issue...
High | Unreviewed | CVE-2025-53187 was published Aug 11, 2025
ProTip! Advisories are also available from the GraphQL API.