GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
26 advisories
An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit...
High
Unreviewed
CVE-2025-63807
was published
Nov 20, 2025
A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during...
High
Unreviewed
CVE-2025-11084
was published
Nov 11, 2025
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate...
High
Unreviewed
CVE-2025-59249
was published
Oct 14, 2025
A weak authentication in Fortinet FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0...
High
Unreviewed
CVE-2025-49201
was published
Oct 14, 2025
Weak authentication in Windows Installer allows an authorized attacker to elevate privileges...
High
Unreviewed
CVE-2025-50173
was published
Aug 12, 2025
The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a...
High
Unreviewed
CVE-2025-1727
was published
Jul 11, 2025
Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges...
High
Unreviewed
CVE-2025-7326
was published
Jul 8, 2025
A username and password are required to authenticate to the central SinoTrack device management...
High
Unreviewed
CVE-2025-5484
was published
Jun 12, 2025
Jenkins WSO2 Oauth Plugin Fails to Properly Authenticate User Credentials
High
CVE-2025-47889
was published
for
org.jenkins-ci.plugins:wso2id-oauth
(Maven)
May 14, 2025
Weak authentication in Windows Active Directory Certificate Services allows an authorized...
High
Unreviewed
CVE-2025-27740
was published
Apr 8, 2025
Weak Authentication vulnerability in Drupal Email TFA allows Brute Force. This issue affects Email...
High
Unreviewed
CVE-2025-31676
was published
Apr 1, 2025
This vulnerability exists in the CAP back office application due to improper authentication check...
High
Unreviewed
CVE-2025-29994
was published
Mar 13, 2025
Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability
High
CVE-2025-24070
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Mar 11, 2025
Hermes improperly validates a JWT
High
CVE-2025-1293
was published
for
github.com/hashicorp-forge/hermes
(Go)
Feb 20, 2025
Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged...
High
Unreviewed
CVE-2024-52541
was published
Feb 19, 2025
A CWE-1390 "Weak Authentication" in the PIN authentication mechanism in Q-Free MaxTime less than...
High
Unreviewed
CVE-2025-26343
was published
Feb 12, 2025
A vulnerability in the ClearPass Policy Manager web-based management interface allows a low...
High
Unreviewed
CVE-2025-23058
was published
Feb 4, 2025
A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1,...
High
Unreviewed
CVE-2024-50563
was published
Jan 16, 2025
Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE...
High
Unreviewed
CVE-2024-47397
was published
Dec 18, 2024
Active Directory Certificate Services Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2024-49019
was published
Nov 12, 2024
Windows Kerberos Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2024-38239
was published
Sep 10, 2024
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2024-35248
was published
Jun 11, 2024
An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass...
High
Unreviewed
CVE-2024-36787
was published
Jun 7, 2024
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor...
High
Unreviewed
CVE-2024-29837
was published
Apr 15, 2024
ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make...
High
Unreviewed
CVE-2023-4094
was published
Sep 19, 2023