Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
86
GitHub Actions
54
Go
4,175
Maven
5,000+
npm
5,000+
NuGet
1,019
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,421
Swift
61
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
Authentication Bypass by Alternate Name in Apache Tomcat Moderate
CVE-2021-30640 was published for org.apache.tomcat:tomcat (Maven) Aug 13, 2021
Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation High
CVE-2023-41890 was published for Kentor.AuthServices (NuGet) Sep 20, 2023
c53robin Credited to c53robin
Missing key verification in gost Critical
CVE-2024-39223 was published for github.com/ginuerzh/gost (Go) Jul 3, 2024
Symfony has an Authentication Bypass via RememberMe High
CVE-2024-51996 was published for symfony/security-http (Composer) Nov 13, 2024
jderusse Credited to jderusse, m0xr4, and stof m0xr4 m0xr4
stof stof
Moodle Lesson activity password bypass through PHP loose comparison Moderate
CVE-2024-45691 was published for moodle/moodle (Composer) Nov 20, 2024
Hail relies on OIDC email claims to verify the validity of a user's domain. Moderate
CVE-2023-51663 was published for hail (pip) Jan 2, 2024
Spring Security annotation detection mechanism has authorization bypass High
CVE-2025-41248 was published for org.springframework.security:spring-security-core (Maven) Sep 16, 2025
authentik allows a deactivated Service account to authenticate to OAuth Moderate
CVE-2025-64521 was published for goauthentik.io (Go) Nov 19, 2025
Soft Serve Affected by an Authentication Bypass High
CVE-2026-24058 was published for github.com/charmbracelet/soft-serve (Go) Jan 21, 2026
juancabe Credited to juancabe and aymanbagabas aymanbagabas aymanbagabas
Apache Shiro has an Authentication Bypass Moderate
CVE-2026-23903 was published for org.apache.shiro:shiro-spring (Maven) Feb 9, 2026
saivarun3407 Credited to saivarun3407
OpenClaw has gateway plugin auth bypass via encoded dot-segment traversal in protected /api/channels paths High
CVE-2026-32036 was published for openclaw (npm) Mar 3, 2026
zpbrent Credited to zpbrent
OpenClaw's MS Teams sender allowlist bypass when route allowlist is configured and sender allowlist is empty Moderate
CVE-2026-34506 was published for openclaw (npm) Mar 12, 2026
zpbrent Credited to zpbrent
Go-tuf Improperly handles multiple key IDs for the same public keys in attacker-controlled metadata Low
GHSA-3633-5h82-39pq was published for github.com/theupdateframework/go-tuf (Go) Sep 16, 2022
cedricvanrompay-datadog Credited to cedricvanrompay-datadog, 0xVijay, kommendorkapten, and rdimitrov 0xVijay 0xVijay
kommendorkapten kommendorkapten rdimitrov rdimitrov
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database