GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
70 advisories

Rancher has over-inclusive team membership expansion in GitHub App authentication provider
High. CVE-2026-41053 was published for github.com/rancher/rancher (Go), Jul 1, 2026.

golang.org/x/crypto/ssh: Invoking VerifiedPublicKeyCallback permissions skip enforcement
Critical. CVE-2026-46595 was published for golang.org/x/crypto/ssh (Go), Jun 25, 2026.

Incorrect caching of authentication between different polkit methods in qSnapper before version 1...
High (Unreviewed). CVE-2026-41048 was published Jun 22, 2026.

Incorrect caching of authentication between different users of the qSnapper dbus service before...
High (Unreviewed). CVE-2026-41049 was published Jun 22, 2026.

A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function...
Moderate (Unreviewed). CVE-2026-12773 was published Jun 21, 2026.

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of...
Critical (Unreviewed). CVE-2026-50627 was published Jun 12, 2026.

Keycloak: Revoked Tokens Can Remain Active When Both Realm-Level and Client-Level `notBefore` Revocation Policies are Configured
Moderate. CVE-2026-8922 was published for org.keycloak:keycloak-services (Maven), May 19, 2026.

Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira &...
Critical (Unreviewed). CVE-2026-41103 was published May 12, 2026.

Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when...
High (Unreviewed). CVE-2026-43640 was published May 11, 2026.

In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual...
High (Unreviewed). CVE-2026-0073 was published May 4, 2026.

CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC
High. CVE-2026-33190 was published for github.com/coredns/coredns (Go), Apr 28, 2026.

Mattermost allows attackers to take over arbitrary user accounts via overly permissive substring matching flaw
Moderate. CVE-2026-27656 was published for github.com/mattermost/mattermost-server (Go), Mar 25, 2026.

Tillitis TKey Client has an Error in Protocol Implementation
Moderate. CVE-2026-32953 was published for github.com/tillitis/tkeyclient (Go), Mar 17, 2026.

MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP...
Critical (Unreviewed). CVE-2026-29515 was published Mar 11, 2026.

Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows...
Moderate (Unreviewed). CVE-2019-25436 was published Feb 21, 2026.

Mattermost fails to properly validate login method restrictions
Moderate. CVE-2026-0999 was published for github.com/mattermost/mattermost-server (Go), Feb 16, 2026.

Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX...
Critical (Unreviewed). CVE-2025-14510 was published Jan 16, 2026.

Incorrect Implementation of Authentication Algorithm vulnerability in ABB WebPro SNMP Card...
High (Unreviewed). CVE-2025-4676 was published Jan 7, 2026.

Mattermost with Jira plugin enabled has Incorrect Implementation of Authentication Algorithm
High. CVE-2025-14273 was published for github.com/mattermost/mattermost-plugin-jira (Go), Dec 22, 2025.

The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions...
Critical (Unreviewed). CVE-2025-13390 was published Dec 3, 2025.

Mattermost fails to verify the token used during code exchange
Critical. CVE-2025-12421 was published for github.com/mattermost/mattermost-server (Go), Nov 27, 2025.

Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication
Critical. CVE-2025-12419 was published for github.com/mattermost/mattermost-server (Go), Nov 27, 2025.

Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an...
High (Unreviewed). CVE-2025-53782 was published Oct 14, 2025.

Python Social Auth - Django has unsafe account association
Moderate. CVE-2025-61783 was published for social-auth-app-django (pip), Oct 9, 2025.

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release...
High (Unreviewed). CVE-2025-43727 was published Oct 7, 2025.

ProTip! Advisories are also available from the GraphQL API.