GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
65 advisories
A weak authentication vulnerability has been reported to affect QHora. If an attacker gains local...
Moderate, Unreviewed. CVE-2025-62844 was published Mar 20, 2026.

Privilege escalation via DLL hijacking in Inno Setup 6.2.1 and earlier versions.
Moderate, Unreviewed. CVE-2025-15595 was published Mar 3, 2026.

Sensitive information disclosure and manipulation due to improper authentication. The following...
High, Unreviewed. CVE-2026-28710 was published Mar 6, 2026.

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability...
Critical, Unreviewed. CVE-2025-40552 was published Jan 28, 2026.

Sensitive data disclosure and manipulation due to improper authentication. The following products...
Critical, Unreviewed. CVE-2025-30412 was published Feb 20, 2026.

Sensitive data disclosure and manipulation due to improper authentication. The following products...
Critical, Unreviewed. CVE-2025-30411 was published Feb 20, 2026.

A weak authentication vulnerability has been reported to affect File Station 5. The remote...
Low, Unreviewed. CVE-2025-57713 was published Feb 11, 2026.

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability...
Critical, Unreviewed. CVE-2025-40554 was published Jan 28, 2026.

phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by...
Critical, Unreviewed. CVE-2023-53894 was published Dec 16, 2025.

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor...
High, Unreviewed. CVE-2024-29837 was published Apr 15, 2024.

An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit...
High, Unreviewed. CVE-2025-63807 was published Nov 20, 2025.

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing...
Critical, Unreviewed. CVE-2025-12870 was published Nov 12, 2025.

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing...
Critical, Unreviewed. CVE-2025-12871 was published Nov 12, 2025.

A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during...
High, Unreviewed. CVE-2025-11084 was published Nov 11, 2025.

This issue was addressed through improved state management. This issue is fixed in iOS 26 and...
Moderate, Unreviewed. CVE-2025-30468 was published Sep 16, 2025.

Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate...
High, Unreviewed. CVE-2025-59249 was published Oct 14, 2025.

A weak authentication in Fortinet FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0...
High, Unreviewed. CVE-2025-49201 was published Oct 14, 2025.

Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission...
Critical, Unreviewed. CVE-2024-0949 was published Jun 27, 2024.

The /n software IPWorks SSH library SFTPServer component can be induced to make unintended...
Low, Unreviewed. CVE-2024-6580 was published Jul 8, 2024.

Weak authentication in Windows Installer allows an authorized attacker to elevate privileges...
High, Unreviewed. CVE-2025-50173 was published Aug 12, 2025.

Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges...
High, Unreviewed. CVE-2025-7326 was published Jul 8, 2025.

Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges...
Moderate, Unreviewed. CVE-2025-47995 was published Jul 18, 2025.

The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a...
High, Unreviewed. CVE-2025-1727 was published Jul 11, 2025.

Weak Authentication vulnerability in AresIT WP Compress allows Authentication Abuse. This issue...
Moderate, Unreviewed. CVE-2025-47479 was published Jul 4, 2025.

A username and password are required to authenticate to the central SinoTrack device management...
High, Unreviewed. CVE-2025-5484 was published Jun 12, 2025.

ProTip! Advisories are also available from the GraphQL API.