GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
23 advisories
An unsafe default authentication vulnerability exists in the Initial Setup Authentication... (High, Unreviewed)
CVE-2025-24322 was published Aug 20, 2025

LinkJoin through 882f196 mishandles token ownership in password reset. (High, Unreviewed)
CVE-2025-55138 was published Aug 7, 2025

An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi... (High, Unreviewed)
CVE-2024-12048 was published Mar 20, 2025

A missing critical step in authentication vulnerability [CWE-304] in Fortinet FortiOS version 7.6... (High, Unreviewed)
CVE-2024-52965 was published Jul 8, 2025

A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic.... (Low, Unreviewed)
CVE-2025-5715 was published Jun 6, 2025

In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient... (Moderate, Unreviewed)
CVE-2025-43014 was published Apr 17, 2025

A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows... (High, Unreviewed)
CVE-2024-9919 was published Mar 20, 2025

In composiohq/composio version 0.5.10, the API does not validate the `x-api-key` header's value... (Critical, Unreviewed)
CVE-2024-8954 was published Mar 20, 2025

An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f... (High, Unreviewed)
CVE-2024-9216 was published Mar 20, 2025

A missing check_access() function in the lollms_binding_infos module of the parisneo/lollms... (High, Unreviewed)
CVE-2024-11302 was published Mar 20, 2025

Missing Critical Step in Authentication vulnerability in Elfatek Elektronics ANKA JPD-00028... (Moderate, Unreviewed)
CVE-2024-12136 was published Mar 19, 2025

In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID.... (High, Unreviewed)
CVE-2024-20153 was published Jan 6, 2025

2FA bypass in Wagtail through new device path (Moderate)
CVE-2019-16766 was published for wagtail-2fa (pip) Nov 29, 2019

Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions (High)
CVE-2023-3628 was published for org.infinispan:infinispan-server-rest (Maven) Dec 30, 2023

Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions (High)
CVE-2023-3629 was published for org.infinispan:infinispan-server-rest (Maven) Dec 30, 2023

Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in... (Critical, Unreviewed)
CVE-2024-45764 was published Nov 8, 2024

The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an... (High, Unreviewed)
CVE-2023-52424 was published May 17, 2024

In parisneo/lollms-webui version v9.8, the lollms_binding_infos is missing the client_id... (Moderate, Unreviewed)
CVE-2024-6040 was published Aug 1, 2024

Palantir discovered a software bug in a recently released version of Foundry’s Lime2 service, one... (Moderate, Unreviewed)
CVE-2023-22833 was published Jul 6, 2023

Armeria SAML authentication bypass due to missing validation on unsigned SAML messages (Critical)
CVE-2024-1735 was published for com.linecorp.armeria:armeria-saml (Maven) Feb 26, 2024

Keycloak vulnerable to session takeover with OIDC offline refreshtokens (Moderate)
CVE-2022-3916 was published for org.keycloak:keycloak-parent (Maven) Dec 13, 2022

Websocket requests did not call AuthenticateMethod (Moderate)
GHSA-5gjg-jgh4-gppm was published for github.com/ecnepsnai/web (Go) Jun 23, 2021

Missing Critical Step in Authentication in GitHub repository namelessmc/nameless prior to v2.0.2. (High, Unreviewed)
CVE-2022-2821 was published Aug 16, 2022

ProTip! Advisories are also available from the GraphQL API