GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 61
GitHub Actions: 50
Go: 3,828
Maven: 5,000+
npm: 5,000+
NuGet: 942
pip: 5,000+
Pub: 13
RubyGems: 1,060
Rust: 1,357
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
64 advisories
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0,...
Moderate | Unreviewed | CVE-2017-8034 was published May 13, 2022
In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the ...
Moderate | Unreviewed | CVE-2025-48980 was published Oct 31, 2025
A reliance on cookies without validation and integrity checking vulnerability in Fortinet...
High | Unreviewed | CVE-2025-64447 was published Dec 9, 2025
COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that...
High | Unreviewed | CVE-2021-47706 was published Dec 9, 2025
An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The...
Critical | Unreviewed | CVE-2025-65212 was published Jan 6, 2026
WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that...
High | Unreviewed | CVE-2022-50926 was published Jan 14, 2026
Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate...
Moderate | Unreviewed | CVE-2020-37007 was published Jan 29, 2026
V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain...
High | Unreviewed | CVE-2008-5784 was published May 17, 2022
Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution.
...
Critical | Unreviewed | CVE-2014-125112 was published Mar 26, 2026
The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege...
High | Unreviewed | CVE-2026-5130 was published Mar 31, 2026
The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions...
Critical | Unreviewed | CVE-2025-14440 was published Dec 13, 2025
Serendipity has a Host Header Injection allows authentication cookie scoping to attacker-controlled domain in functions_config.inc.php
Moderate | CVE-2026-39963 was published for s9y/serendipity (Composer) Apr 14, 2026
Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization
Critical | CVE-2026-39324 was published for rack-session (RubyGems) Apr 8, 2026
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto...
Moderate | Unreviewed | CVE-2026-0257 was published May 13, 2026
ProTip! Advisories are also available from the GraphQL API