Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,164
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,458
Pub
12
RubyGems
991
Rust
1,184
Swift
50
Unreviewed advisories
All unreviewed
5,000+

104 advisories

Loading
An edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02... Low Unreviewed
CVE-2026-1524 was published Mar 11, 2026
Craft CMS has a potential information disclosure vulnerability in preview tokens Low
CVE-2026-29113 was published for craftcms/cms (Composer) Mar 10, 2026
singetu0096 Credited to singetu0096
A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function... Low Unreviewed
CVE-2026-3194 was published Feb 25, 2026
A vulnerability has been found in DJI Mavic Mini, Spark and Mini SE up to 01.00.0500. Affected by... Low Unreviewed
CVE-2026-1743 was published Feb 2, 2026
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for... Low Unreviewed
CVE-2026-0633 was published Jan 24, 2026
When doing SSH-based transfers using either SCP or SFTP, and asked to do public key... Low Unreviewed
CVE-2025-15224 was published Jan 8, 2026
Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions Low
GHSA-wmjr-v86c-m9jj was published for better-auth (npm) Nov 26, 2025
mufeedvh Credited to mufeedvh
Improper authentication in Windows SMB Client allows an unauthorized attacker to perform... Low Unreviewed
CVE-2025-59280 was published Oct 14, 2025
An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication... Low Unreviewed
CVE-2025-0672 was published Sep 23, 2025
PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023... Low Unreviewed
CVE-2023-21466 was published Sep 8, 2025
Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows... Low Unreviewed
CVE-2023-21471 was published Sep 5, 2025
HCL IEM is affected by an improper invalidation of access or JWT token vulnerability.  A token... Low Unreviewed
CVE-2025-0249 was published Jul 25, 2025
A vulnerability classified as problematic has been found in 70mai 1S up to 20250611. This affects... Low Unreviewed
CVE-2025-6524 was published Jun 23, 2025
Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion... Low Unreviewed
CVE-2024-38822 was published Jun 13, 2025
A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been classified as... Low Unreviewed
CVE-2025-1880 was published Mar 3, 2025
There is an insufficient authentication vulnerability in some Huawei smart phone. An... Low Unreviewed
CVE-2020-9250 was published Dec 20, 2024
lxd has a restricted TLS certificate privilege escalation when in PKI mode Low
CVE-2024-6219 was published for github.com/canonical/lxd (Go) Dec 9, 2024
markylaing Credited to markylaing
Symfony's `Security::login` does not take into account custom `user_checker` Low
CVE-2024-50341 was published for symfony/security-bundle (Composer) Nov 6, 2024
94noni Credited to 94noni and xabbuh xabbuh xabbuh
gitsign may use incorrect Rekor entries during verification Low
CVE-2024-51746 was published for github.com/sigstore/gitsign (Go) Nov 5, 2024
adityasaky Credited to adityasaky
Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs Low
CVE-2024-49755 was published for Duende.IdentityServer (NuGet) Oct 28, 2024
An authentication issue was addressed with improved state management. This issue is fixed in... Low Unreviewed
CVE-2024-40778 was published Jul 30, 2024
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space... Low Unreviewed
CVE-2024-41829 was published Jul 22, 2024
An authentication issue was addressed with improved state management. This issue is fixed in... Low Unreviewed
CVE-2024-27867 was published Jun 26, 2024
Improper authentication in zenml Low
CVE-2024-2213 was published for zenml (pip) Jun 6, 2024
An issue was discovered in Samsung Mobile Processor, Automotive Processor, and Modem Exynos 9820,... Low Unreviewed
CVE-2023-50804 was published Jun 5, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database