Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,516 advisories

Loading
WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled High
CVE-2025-54376 was published for github.com/SpectoLabs/hoverfly (Go) Sep 10, 2025
Kr1shna4garwal
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over... High Unreviewed
CVE-2025-54918 was published Sep 9, 2025
SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who... High Unreviewed
CVE-2025-55234 was published Sep 9, 2025
Improper Authentication vulnerability in Danfoss AKSM8xxA Series.This issue affects Danfoss AK-SM... High Unreviewed
CVE-2025-41450 was published May 8, 2025
In smp_process_secure_connection_oob_data of smp_act.cc, there is a possible way to bypass SMP... High Unreviewed
CVE-2025-26438 was published Sep 4, 2025
A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element... High Unreviewed
CVE-2025-9815 was published Sep 2, 2025
Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows... High Unreviewed
CVE-2024-43685 was published Oct 4, 2024
An authentication bypass vulnerability in PandoraNext-TokensTool v0.6.8 and before. An attacker... High Unreviewed
CVE-2024-50641 was published Aug 21, 2025
Authentication Bypass vulnerability in jobx up to v1.0.1-RELEASE allows an attacker can exploit... High Unreviewed
CVE-2024-57491 was published Aug 20, 2025
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over... High Unreviewed
CVE-2025-53778 was published Aug 12, 2025
Komari vulnerable to 2FA Authentication Bypass High
GHSA-jhmr-57cj-q6g9 was published for github.com/komari-monitor/komari (Go) Aug 12, 2025
imlonghao
@fedify/fedify has Improper Authentication and Incorrect Authorization High
CVE-2025-54888 was published for @fedify/fedify (npm) Aug 8, 2025
allouis dahlia
On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments... High Unreviewed
CVE-2025-53786 was published Aug 6, 2025
BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local... High Unreviewed
CVE-2025-0217 was published May 5, 2025
Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress... High Unreviewed
CVE-2025-6505 was published Jul 29, 2025
Netskope was notified about a security gap in Netskope Client enrollment process where NSClient... High Unreviewed
CVE-2024-7401 was published Aug 26, 2024
A vulnerability in Imprivata Enterprise Access Management (formerly Imprivata OneSign) allows... High Unreviewed
CVE-2024-12310 was published Jul 23, 2025
Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows... High Unreviewed
CVE-2025-54452 was published Jul 23, 2025
Alchemy Non-SMA and Webauthn Account Security Advisory High
GHSA-56r6-ccm5-8hg3 was published for @account-kit/smart-contracts (npm) Jul 21, 2025
carlos-cow
Insufficient protection against brute-force and runtime manipulation in the local authentication... High Unreviewed
CVE-2025-41459 was published Jul 21, 2025
An authentication bypass and disclosure of information vulnerability exists in HPE AutoPass... High Unreviewed
CVE-2025-37106 was published Jul 16, 2025
An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. High Unreviewed
CVE-2025-37107 was published Jul 16, 2025
An improper access control vulnerability was found in the EZ Sync Manager of ADM, which allows... High Unreviewed
CVE-2025-7699 was published Jul 16, 2025
In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP... High Unreviewed
CVE-2025-49812 was published Jul 10, 2025
An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. High Unreviewed
CVE-2024-51767 was published Jul 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database