Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,846
Erlang
36
GitHub Actions
33
Go
2,465
Maven
5,000+
npm
4,089
NuGet
733
pip
3,907
Pub
12
RubyGems
944
Rust
1,011
Swift
39
Unreviewed advisories
All unreviewed
5,000+

392 advisories

Loading
On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503... High Unreviewed
CVE-2025-6188 was published Aug 26, 2025
HydrAIDE Authentication Bypass Vulnerability Critical
GHSA-qp7j-x725-g67f was published for github.com/hydraide/hydraide (Go) Aug 19, 2025
yyewolf
Official Document Management System developed by 2100 Technology has an Authentication Bypass... Critical Unreviewed
CVE-2025-8853 was published Aug 11, 2025
IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges... High Unreviewed
CVE-2025-36119 was published Aug 8, 2025
An Authentication Bypass vulnerability in Blue Access' Cobalt X1 thru 02.000.187 allows an... Moderate Unreviewed
CVE-2025-50454 was published Aug 5, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release... Critical Unreviewed
CVE-2025-36594 was published Aug 4, 2025
CSC Pay Mobile App 2.19.4 (fixed in version 2.20.0) contains a vulnerability allowing users to... Moderate Unreviewed
CVE-2025-46018 was published Aug 1, 2025
OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion Critical
CVE-2025-54576 was published for github.com/oauth2-proxy/oauth2-proxy/v7 (Go) Jul 30, 2025
jennifer-recurity
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in... Critical Unreviewed
CVE-2025-43245 was published Jul 30, 2025
An issue was discovered in AlertEnterprise Guardian 4.1.14.2.2.1. One can bypass manager approval... High Unreviewed
CVE-2025-31511 was published Jul 22, 2025
pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages High
CVE-2025-7346 was published for pyload-ng (pip) Jul 8, 2025
PinkDraconian
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd... Moderate Unreviewed
CVE-2025-34065 was published Jul 1, 2025
A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1... Critical Unreviewed
CVE-2025-34063 was published Jul 1, 2025
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd... Moderate Unreviewed
CVE-2025-34053 was published Jul 1, 2025
The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication (2FA) using... Moderate Unreviewed
CVE-2025-23168 was published Jun 19, 2025
matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator Moderate
CVE-2025-48937 was published for matrix-sdk-crypto (Rust) Jun 10, 2025
dkasak richvdh
Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of... High Unreviewed
CVE-2025-48906 was published Jun 6, 2025
An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses... Critical Unreviewed
CVE-2023-41591 was published May 29, 2025
Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a... Moderate Unreviewed
CVE-2025-5067 was published May 27, 2025
Babylon Finality Provider `MsgCommitPubRandList` replay attack High
GHSA-7mm3-vfg8-7rg6 was published for github.com/babylonlabs-io/babylon (Go) May 15, 2025
The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authentication bypass when an adversary... Moderate Unreviewed
CVE-2025-48027 was published May 15, 2025
Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to... Moderate Unreviewed
CVE-2025-3909 was published May 14, 2025
Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an... High Unreviewed
CVE-2025-3875 was published May 14, 2025
Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by... Moderate Unreviewed
CVE-2025-27695 was published May 8, 2025
Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling High
CVE-2025-46573 was published for passport-wsfed-saml2 (npm) May 6, 2025
kevinroh-okta
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database