GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
66 advisories
Filter by severity
Authentication Bypass by Spoofing vulnerability in Apache IoTDB.
Certain Thrift RPC query...
Critical
Unreviewed
CVE-2026-24013
was published
Jul 6, 2026
The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows...
Critical
Unreviewed
CVE-2018-5353
was published
May 24, 2022
NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication....
Critical
Unreviewed
CVE-2026-24270
was published
Jul 1, 2026
Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author....
Critical
Unreviewed
CVE-2026-58370
was published
Jun 30, 2026
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and...
Critical
Unreviewed
CVE-2026-22797
was published
Jan 19, 2026
The Webmin HTTP server (miniserv.pl) allows unauthenticated attackers to impersonate any user...
Critical
Unreviewed
CVE-2026-56020
was published
Jun 18, 2026
ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization...
Critical
Unreviewed
CVE-2026-36537
was published
Jun 15, 2026
Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate...
Critical
Unreviewed
CVE-2026-48567
was published
Jun 5, 2026
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.
Critical
Unreviewed
CVE-2026-8644
was published
Jun 1, 2026
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all...
Critical
Unreviewed
CVE-2021-22779
was published
May 24, 2022
Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows...
Critical
Unreviewed
CVE-2023-4178
was published
Sep 5, 2023
OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user...
Critical
Unreviewed
CVE-2021-47923
was published
May 10, 2026
A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the...
Critical
Unreviewed
CVE-2026-6213
was published
May 8, 2026
Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness...
Critical
Unreviewed
CVE-2018-25317
was published
Apr 29, 2026
Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows...
Critical
Unreviewed
CVE-2018-25318
was published
Apr 29, 2026
Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows...
Critical
Unreviewed
CVE-2018-25316
was published
Apr 29, 2026
In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables...
Critical
Unreviewed
CVE-2025-59706
was published
Mar 25, 2026
In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account...
Critical
Unreviewed
CVE-2025-59707
was published
Mar 25, 2026
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects...
Critical
Unreviewed
CVE-2026-2800
was published
Feb 24, 2026
Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to...
Critical
Unreviewed
CVE-2025-71056
was published
Feb 23, 2026
Authentication Bypass by Spoofing vulnerability in Saad Iqbal All In One Login change-wp-admin...
Critical
Unreviewed
CVE-2025-58595
was published
Nov 6, 2025
Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication...
Critical
Unreviewed
CVE-2025-11250
was published
Jan 13, 2026
The authentication mechanism on web interface is not properly implemented. It is possible to...
Critical
Unreviewed
CVE-2025-36754
was published
Dec 13, 2025
Bypass vulnerability in the authentication method in the GTT Tax Information System application,...
Critical
Unreviewed
CVE-2025-13953
was published
Dec 10, 2025
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication...
Critical
Unreviewed
CVE-2023-30803
was published
Oct 10, 2023
ProTip!
Advisories are also available from the
GraphQL API