Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,968
Erlang
39
GitHub Actions
38
Go
2,616
Maven
5,000+
npm
4,255
NuGet
760
pip
4,040
Pub
12
RubyGems
953
Rust
1,050
Swift
45
Unreviewed advisories
All unreviewed
5,000+

98 advisories

Loading
MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling High
CVE-2025-47776 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
dregad piru
Credited to dregad and piru
IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote... Critical Unreviewed
CVE-2025-36386 was published Oct 28, 2025
On Mercku M6a devices through 2.1.0, session tokens remain valid for at least months in some cases. Low Unreviewed
CVE-2025-62772 was published Oct 22, 2025
A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8... Moderate Unreviewed
CVE-2025-56224 was published Oct 20, 2025
An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS... Moderate Unreviewed
CVE-2025-59980 was published Oct 9, 2025
LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset... High Unreviewed
CVE-2025-56132 was published Sep 30, 2025
go-f3 Vulnerable to Cached Justification Verification Bypass Moderate
CVE-2025-59941 was published for github.com/filecoin-project/go-f3 (Go) Sep 29, 2025
lgprbs
Credited to lgprbs
Binding authentication bypass vulnerability in the devicemanager module. Impact: Successful... High Unreviewed
CVE-2025-54622 was published Aug 6, 2025
RatPanel can perform remote command execution without authorization High
CVE-2025-53534 was published for github.com/tnborg/panel (Go) Aug 4, 2025
LTLTLXEY devhaozi
Credited to LTLTLXEY and devhaozi
Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and... High Unreviewed
CVE-2025-31965 was published Jul 29, 2025
File Browser’s insecure JWT handling can lead to session replay attacks after logout High
CVE-2025-53826 was published for github.com/filebrowser/filebrowser (Go) Jul 16, 2025
maen08 hacdias
Credited to maen08 and hacdias
Authentication vulnerability in the distributed collaboration framework module Impact: Successful... Moderate Unreviewed
CVE-2025-53167 was published Jul 7, 2025
File Browser's password protection of links is bypassable Low
CVE-2025-52996 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig hacdias
Credited to mtausig and hacdias
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by... Critical Unreviewed
CVE-2025-46801 was published May 19, 2025
OPKSSH Vulnerable to Authentication Bypass Critical
CVE-2025-4658 was published for github.com/openpubkey/opkssh (Go) May 13, 2025
EthanHeilman
Credited to EthanHeilman
OpenPubkey Vulnerable to Authentication Bypass Critical
CVE-2025-3757 was published for github.com/openpubkey/openpubkey (Go) May 13, 2025
EthanHeilman
Credited to EthanHeilman
SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass... Moderate Unreviewed
CVE-2025-46750 was published May 12, 2025
Improper Authentication vulnerability in Danfoss AKSM8xxA Series.This issue affects Danfoss AK-SM... High Unreviewed
CVE-2025-41450 was published May 8, 2025
KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a... Critical Unreviewed
CVE-2025-32011 was published May 2, 2025
KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured... Critical Unreviewed
CVE-2025-24522 was published May 2, 2025
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the... Critical Unreviewed
CVE-2025-31161 was published Apr 3, 2025
The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and... Moderate Unreviewed
CVE-2025-31192 was published Apr 1, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and... Moderate Unreviewed
CVE-2025-30428 was published Apr 1, 2025
In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint does not verify the password... High Unreviewed
CVE-2024-12776 was published Mar 20, 2025
Security Update for the OPC UA .NET Standard Stack Moderate
CVE-2024-42513 was published for OPCFoundation.NetStandard.Opc.Ua.Bindings.Https (NuGet) Mar 3, 2025
TomTervoort
Credited to TomTervoort
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database