Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
86
GitHub Actions
54
Go
4,169
Maven
5,000+
npm
5,000+
NuGet
1,019
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,421
Swift
61
Unreviewed advisories
All unreviewed
5,000+

11 advisories

Loading
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to... High Unreviewed
CVE-2023-3263 was published Aug 14, 2023
Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation High
CVE-2023-41890 was published for Kentor.AuthServices (NuGet) Sep 20, 2023
c53robin Credited to c53robin
The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an... High Unreviewed
CVE-2024-2098 was published Jun 13, 2024
Symfony has an Authentication Bypass via RememberMe High
CVE-2024-51996 was published for symfony/security-http (Composer) Nov 13, 2024
jderusse Credited to jderusse, m0xr4, and stof m0xr4 m0xr4
stof stof
The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to,... High Unreviewed
CVE-2024-11283 was published Mar 14, 2025
Spring Security annotation detection mechanism has authorization bypass High
CVE-2025-41248 was published for org.springframework.security:spring-security-core (Maven) Sep 16, 2025
The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login... High Unreviewed
CVE-2025-60375 was published Oct 9, 2025
A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow... High Unreviewed
CVE-2025-55130 was published Jan 20, 2026
Soft Serve Affected by an Authentication Bypass High
CVE-2026-24058 was published for github.com/charmbracelet/soft-serve (Go) Jan 21, 2026
juancabe Credited to juancabe and aymanbagabas aymanbagabas aymanbagabas
OpenClaw has gateway plugin auth bypass via encoded dot-segment traversal in protected /api/channels paths High
CVE-2026-32036 was published for openclaw (npm) Mar 3, 2026
zpbrent Credited to zpbrent
When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted... High Unreviewed
CVE-2026-56091 was published Jun 25, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database