GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
42 advisories
Weak Authentication vulnerability in Quentn.com GmbH Quentn WP allows Privilege Escalation. This...
Critical
Unreviewed
CVE-2025-39596
was published
Apr 17, 2025
Weak authentication in Windows Active Directory Certificate Services allows an authorized...
High
Unreviewed
CVE-2025-27740
was published
Apr 8, 2025
Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature...
Moderate
Unreviewed
CVE-2025-26635
was published
Apr 8, 2025
A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions),...
Critical
Unreviewed
CVE-2024-54092
was published
Apr 8, 2025
Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes...
Moderate
Unreviewed
CVE-2024-45551
was published
Apr 7, 2025
Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol...
Low
Unreviewed
CVE-2025-29991
was published
Apr 3, 2025
Weak Authentication vulnerability in Drupal Email TFA allows Brute Force. This issue affects Email...
High
Unreviewed
CVE-2025-31676
was published
Apr 1, 2025
This vulnerability exists in the CAP back office application due to improper authentication check...
High
Unreviewed
CVE-2025-29994
was published
Mar 13, 2025
Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability
High
CVE-2025-24070
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
Mar 11, 2025
Hermes improperly validates a JWT
High
CVE-2025-1293
was published
for
github.com/hashicorp-forge/hermes
(Go)
Feb 20, 2025
Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged...
High
Unreviewed
CVE-2024-52541
was published
Feb 19, 2025
Orca HCM from LEARNING DIGITAL has an Improper Authentication vulnerability, allowing...
Critical
Unreviewed
CVE-2025-1387
was published
Feb 17, 2025
A CWE-1390 "Weak Authentication" in the PIN authentication mechanism in Q-Free MaxTime less than...
High
Unreviewed
CVE-2025-26343
was published
Feb 12, 2025
A vulnerability in the ClearPass Policy Manager web-based management interface allows a low...
High
Unreviewed
CVE-2025-23058
was published
Feb 4, 2025
Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards ...
Moderate
Unreviewed
CVE-2025-21552
was published
Jan 21, 2025
A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1,...
High
Unreviewed
CVE-2024-50563
was published
Jan 16, 2025
A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0...
Critical
Unreviewed
CVE-2024-48886
was published
Jan 14, 2025
Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication...
Critical
Unreviewed
CVE-2024-13239
was published
Jan 9, 2025
Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE...
High
Unreviewed
CVE-2024-47397
was published
Dec 18, 2024
Weak Authentication vulnerability in Guido VS Contact Form allows Authentication Abuse. This issue...
Moderate
Unreviewed
CVE-2023-41862
was published
Dec 13, 2024
Active Directory Certificate Services Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2024-49019
was published
Nov 12, 2024
The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication...
Critical
Unreviewed
CVE-2024-45367
was published
Oct 4, 2024
In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any...
Moderate
Unreviewed
CVE-2024-41722
was published
Sep 26, 2024
In the goTenna Pro there is a vulnerability that makes it possible to inject any custom message...
Moderate
Unreviewed
CVE-2024-47127
was published
Sep 26, 2024
Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September...
Moderate
Unreviewed
CVE-2024-8322
was published
Sep 10, 2024