GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,333
Erlang: 31
GitHub Actions: 22
Go: 2,095
Maven: 5,000+
npm: 3,760
NuGet: 678
pip: 3,446
Pub: 12
RubyGems: 892
Rust: 882
Swift: 37

Unreviewed advisories
All unreviewed: 5,000+
3,612 advisories
An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration...
Critical | Unreviewed | CVE-2023-27823 was published | May 12, 2023

The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows...
Critical | Unreviewed | CVE-2021-32030 was published | May 24, 2022

It has been found that the Beta10 software does not provide for proper authorisation control in...
Critical | Unreviewed | CVE-2025-0637 was published | Jan 23, 2025

API Security bypass through header manipulation
Moderate | Unreviewed | CVE-2024-55925 was published | Jan 23, 2025

An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication...
Critical | Unreviewed | CVE-2018-10561 was published | May 14, 2022

Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak
Moderate | CVE-2025-0604 was published for org.keycloak:keycloak-ldap-federation (Maven) | Jan 22, 2025

actionpack Improper Authentication vulnerability
Moderate | CVE-2012-3424 was published for actionpack (RubyGems) | Oct 24, 2017

** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value...
Moderate | Unreviewed | CVE-2009-0130 was published | May 2, 2022

Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin...
Moderate | Unreviewed | CVE-2009-3168 was published | May 2, 2022

PAM module may allow accessing with the credentials of another user
High | CVE-2024-9313 was published for github.com/ubuntu/authd (Go) | Oct 3, 2024

matrix-media-repo (MMR) allows unauthenticated writes to the media repository, which may allow planting of problematic content
Moderate | CVE-2024-36402 was published for github.com/t2bot/matrix-media-repo (Go) | Jan 16, 2025

Issue with whitespace in JWT roles in OpenSearch
Moderate | CVE-2023-23612 was published for org.opensearch.plugin:opensearch-security (Maven) | Jan 24, 2023

Sentry's improper authentication on SAML SSO process allows user impersonation
Critical | CVE-2025-22146 was published for sentry (pip) | Jan 15, 2025

A denial-of-service vulnerability exists in CyberPower PowerPanel Business (PPB) 4.11.0. An...
High | Unreviewed | CVE-2024-11322 was published | Jan 15, 2025

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content...
Critical | Unreviewed | CVE-2024-12919 was published | Jan 14, 2025

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2,...
Critical | Unreviewed | CVE-2024-28012 was published | Mar 28, 2024

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2,...
Critical | Unreviewed | CVE-2024-28009 was published | Mar 28, 2024

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2,...
Critical | Unreviewed | CVE-2024-28007 was published | Mar 28, 2024

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2,...
Unknown | Unreviewed | CVE-2024-28006 was published | Mar 28, 2024

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to...
Critical | Unreviewed | CVE-2025-0070 was published | Jan 14, 2025

Vulnerability of improper authentication in the ANS system service module Impact: Successful...
Moderate | Unreviewed | CVE-2023-52955 was published | Jan 8, 2025

HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys,...
Moderate | Unreviewed | CVE-2024-42172 was published | Jan 11, 2025

A user with administrator privileges is able to retrieve authentication tokens
Moderate | Unreviewed | CVE-2024-9133 was published | Jan 11, 2025

ProTip! Advisories are also available from the GraphQL API