GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,022 advisories
AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass
Critical
CVE-2026-32136
was published
for
github.com/AdguardTeam/AdGuardHome
(Go)
Mar 12, 2026
A vulnerability has been identified in the web-based management interface of AOS-CX switches that...
Critical
Unreviewed
CVE-2026-23813
was published
Mar 11, 2026
Feathers has an OAuth Callback Account Takeover issue
Critical
CVE-2026-29792
was published
for
@feathersjs/authentication-oauth
(npm)
Mar 10, 2026
The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up...
Critical
Unreviewed
CVE-2026-0953
was published
Mar 10, 2026
Parse Server: JWT audience validation bypass in Google, Apple, and Facebook authentication adapters
Critical
CVE-2026-30863
was published
for
parse-server
(npm)
Mar 9, 2026
Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions...
Critical
Unreviewed
CVE-2026-3224
was published
Mar 4, 2026
A remote authentication bypass vulnerability exists in HPE AutoPass License Server (APLS).
Critical
Unreviewed
CVE-2026-23600
was published
Mar 2, 2026
A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an...
Critical
Unreviewed
CVE-2026-20129
was published
Feb 25, 2026
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD...
Critical
Unreviewed
CVE-2026-20127
was published
Feb 25, 2026
An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to...
Critical
Unreviewed
CVE-2025-70833
was published
Feb 20, 2026
OGP-Website installs prior git commit 52f865a4fba763594453068acf8fa9e3fc38d663 are affected by a...
Critical
Unreviewed
CVE-2025-15586
was published
Feb 19, 2026
OpenClaw has an inbound allowlist policy bypass in voice-call extension (empty caller ID + suffix matching)
Critical
CVE-2026-28446
was published
for
openclaw
(npm)
Feb 17, 2026
A missing authentication mechanism in the web management API components of Shenzhen Zhibotong...
Critical
Unreviewed
CVE-2025-65128
was published
Feb 11, 2026
METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console...
Critical
Unreviewed
CVE-2026-2248
was published
Feb 11, 2026
METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console...
Critical
Unreviewed
CVE-2026-2249
was published
Feb 11, 2026
Apache Druid Vulnerable to Authentication Bypass
Critical
CVE-2026-23906
was published
for
org.apache.druid.extensions:druid-basic-security
(Maven)
Feb 10, 2026
FUXA Unauthenticated Remote Code Execution via Admin JWT Minting
Critical
CVE-2026-25893
was published
for
fuxa-server
(npm)
Feb 5, 2026
Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers...
Critical
Unreviewed
CVE-2025-70841
was published
Feb 3, 2026
Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion...
Critical
Unreviewed
CVE-2026-1568
was published
Feb 3, 2026
An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user...
Critical
Unreviewed
CVE-2022-25369
was published
Jan 23, 2026
A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50)...
Critical
Unreviewed
CVE-2025-67822
was published
Jan 16, 2026
The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs....
Critical
Unreviewed
CVE-2026-22236
was published
Jan 14, 2026
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session...
Critical
Unreviewed
CVE-2025-68717
was published
Jan 8, 2026
wolfSSL Python module vulnerable to Improper Authentication
Critical
CVE-2025-15346
was published
for
wolfssl
(pip)
Jan 8, 2026
wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the...
Critical
Unreviewed
CVE-2025-14942
was published
Jan 6, 2026
ProTip! Advisories are also available from the GraphQL API.