GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,295
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,107
Rust
1,492
Swift
61
Unreviewed advisories
All unreviewed
5,000+
16 advisories
Filter by severity
LiteLLM: Authentication Bypass via Host Header Injection
Critical
CVE-2026-49468
was published
for
litellm
(pip)
Jun 16, 2026
Codechecker has an authentication bypass for certain API calls
Critical
CVE-2026-25660
was published
for
codechecker
(pip)
May 5, 2026
Sentry's improper authentication on SAML SSO process allows user identity linking
Critical
CVE-2026-42354
was published
for
sentry
(pip)
Apr 30, 2026
Django vulnerable to ASGI header spoofing via underscore/hyphen conflation
High
CVE-2026-3902
was published
for
Django
(pip)
Apr 7, 2026
Auth0OAuthenticator has an Authentication Bypass via Unverified Email Claims
High
CVE-2026-33175
was published
for
oauthenticator
(pip)
Apr 3, 2026
Python Social Auth - Django has unsafe account association
Moderate
CVE-2025-61783
was published
for
social-auth-app-django
(pip)
Oct 9, 2025
pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages
High
CVE-2025-7346
was published
for
pyload-ng
(pip)
Jul 8, 2025
OctoPrint Authenticated Reverse Proxy Page Authentication Bypass
Moderate
CVE-2025-32788
was published
for
octoprint
(pip)
Apr 22, 2025
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
High
CVE-2024-32977
was published
for
OctoPrint
(pip)
May 14, 2024
pretix potential IP address spoofing vulnerability
Moderate
CVE-2023-44463
was published
for
pretix
(pip)
Oct 2, 2023
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
Low
CVE-2023-41329
was published
for
com.github.tomakehurst:wiremock-jre8
(Maven)
Sep 8, 2023
python-jwt vulnerable to token forgery with new claims
Critical
CVE-2022-39227
was published
for
python-jwt
(pip)
Sep 21, 2022
Django WSGI Header Spoofing Vulnerability
Moderate
CVE-2015-0219
was published
for
Django
(pip)
May 17, 2022
Verification check bypass in Gate One
Moderate
CVE-2020-19003
was published
for
gateone
(pip)
Oct 12, 2021
Implementation trusts the "me" field returned by the authorization server without verifying it
Critical
GHSA-mjcr-rqjg-rhg3
was published
for
datasette-indieauth
(pip)
Nov 24, 2020
2FA bypass in Wagtail through new device path
Moderate
CVE-2019-16766
was published
for
wagtail-2fa
(pip)
Nov 29, 2019
ProTip!
Advisories are also available from the
GraphQL API