GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
66 advisories
Filter by severity
Authentication Bypass by Spoofing vulnerability in Apache IoTDB.
Certain Thrift RPC query...
Critical
Unreviewed
CVE-2026-24013
was published
Jul 6, 2026
NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication....
Critical
Unreviewed
CVE-2026-24270
was published
Jul 1, 2026
Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author....
Critical
Unreviewed
CVE-2026-58370
was published
Jun 30, 2026
The Webmin HTTP server (miniserv.pl) allows unauthenticated attackers to impersonate any user...
Critical
Unreviewed
CVE-2026-56020
was published
Jun 18, 2026
ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization...
Critical
Unreviewed
CVE-2026-36537
was published
Jun 15, 2026
Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate...
Critical
Unreviewed
CVE-2026-48567
was published
Jun 5, 2026
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.
Critical
Unreviewed
CVE-2026-8644
was published
Jun 1, 2026
OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user...
Critical
Unreviewed
CVE-2021-47923
was published
May 10, 2026
A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the...
Critical
Unreviewed
CVE-2026-6213
was published
May 8, 2026
Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness...
Critical
Unreviewed
CVE-2018-25317
was published
Apr 29, 2026
Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows...
Critical
Unreviewed
CVE-2018-25318
was published
Apr 29, 2026
Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows...
Critical
Unreviewed
CVE-2018-25316
was published
Apr 29, 2026
In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables...
Critical
Unreviewed
CVE-2025-59706
was published
Mar 25, 2026
In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account...
Critical
Unreviewed
CVE-2025-59707
was published
Mar 25, 2026
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects...
Critical
Unreviewed
CVE-2026-2800
was published
Feb 24, 2026
Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to...
Critical
Unreviewed
CVE-2025-71056
was published
Feb 23, 2026
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and...
Critical
Unreviewed
CVE-2026-22797
was published
Jan 19, 2026
Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication...
Critical
Unreviewed
CVE-2025-11250
was published
Jan 13, 2026
The authentication mechanism on web interface is not properly implemented. It is possible to...
Critical
Unreviewed
CVE-2025-36754
was published
Dec 13, 2025
Bypass vulnerability in the authentication method in the GTT Tax Information System application,...
Critical
Unreviewed
CVE-2025-13953
was published
Dec 10, 2025
An attacker could take over a Looker account in a Looker instance configured with OIDC...
Critical
Unreviewed
CVE-2025-12414
was published
Nov 20, 2025
Authentication Bypass by Spoofing vulnerability in Saad Iqbal All In One Login change-wp-admin...
Critical
Unreviewed
CVE-2025-58595
was published
Nov 6, 2025
Official Document Management System developed by 2100 Technology has an Authentication Bypass...
Critical
Unreviewed
CVE-2025-8853
was published
Aug 11, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release...
Critical
Unreviewed
CVE-2025-36594
was published
Aug 4, 2025
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in...
Critical
Unreviewed
CVE-2025-43245
was published
Jul 30, 2025
ProTip!
Advisories are also available from the
GraphQL API