GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
888 advisories
An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration...
Critical | Unreviewed | CVE-2023-27823 was published May 12, 2023

The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows...
Critical | Unreviewed | CVE-2021-32030 was published May 24, 2022

It has been found that the Beta10 software does not provide for proper authorisation control in...
Critical | Unreviewed | CVE-2025-0637 was published Jan 23, 2025

An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication...
Critical | Unreviewed | CVE-2018-10561 was published May 14, 2022

Sentry's improper authentication on SAML SSO process allows user impersonation
Critical | CVE-2025-22146 was published for sentry (pip) Jan 15, 2025

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content...
Critical | Unreviewed | CVE-2024-12919 was published Jan 14, 2025

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2,...
Critical | Unreviewed | CVE-2024-28012 was published Mar 28, 2024

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2,...
Critical | Unreviewed | CVE-2024-28009 was published Mar 28, 2024

Improper authentication vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2,...
Critical | Unreviewed | CVE-2024-28007 was published Mar 28, 2024

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to...
Critical | Unreviewed | CVE-2025-0070 was published Jan 14, 2025

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote...
Critical | Unreviewed | CVE-2024-53704 was published Jan 9, 2025

An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication...
Critical | Unreviewed | CVE-2023-33553 was published Jun 7, 2023

The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all...
Critical | Unreviewed | CVE-2024-12264 was published Jan 7, 2025

Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method.
Critical | Unreviewed | CVE-2023-32220 was published Jun 12, 2023

Improper authentication vulnerability exists in KB-AHR series and KB-IRIP series. If this...
Critical | Unreviewed | CVE-2023-30762 was published Jun 13, 2023

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build...
Critical | Unreviewed | CVE-2017-7921 was published May 17, 2022

AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
Critical | CVE-2024-53990 was published for org.asynchttpclient:async-http-client (Maven) Dec 2, 2024

The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all...
Critical | Unreviewed | CVE-2024-12287 was published Dec 18, 2024

CasaOS contains weak JWT secrets
Critical | CVE-2023-37266 was published for github.com/IceWhaleTech/CasaOS (Go) Jul 17, 2023

The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all...
Critical | Unreviewed | CVE-2024-11015 was published Dec 12, 2024

ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability....
Critical | Unreviewed | CVE-2024-11680 was published Nov 26, 2024

An authentication issue was addressed with improved state management. This issue is fixed in...
Critical | Unreviewed | CVE-2024-23255 was published Mar 8, 2024

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC)...
Critical | Unreviewed | CVE-2019-16028 was published May 24, 2022

Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An...
Critical | Unreviewed | CVE-2023-28461 was published Mar 16, 2023

An authentication bypass vulnerability has been identified in Pulpcore when deployed with...
Critical | Unreviewed | CVE-2024-7923 was published Sep 4, 2024