Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,824
Maven
5,000+
npm
5,000+
NuGet
939
pip
5,000+
Pub
13
RubyGems
1,059
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+

64 advisories

Loading
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto... Moderate Unreviewed
CVE-2026-0257 was published May 13, 2026
Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization Critical
CVE-2026-39324 was published for rack-session (RubyGems) Apr 8, 2026
sm1ee Credited to sm1ee, ioquatix, and jeremyevans ioquatix ioquatix
jeremyevans jeremyevans
Serendipity has a Host Header Injection allows authentication cookie scoping to attacker-controlled domain in functions_config.inc.php Moderate
CVE-2026-39963 was published for s9y/serendipity (Composer) Apr 14, 2026
mabjr33 Credited to mabjr33
The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions... Critical Unreviewed
CVE-2025-14440 was published Dec 13, 2025
The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege... High Unreviewed
CVE-2026-5130 was published Mar 31, 2026
Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. ... Critical Unreviewed
CVE-2014-125112 was published Mar 26, 2026
V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain... High Unreviewed
CVE-2008-5784 was published May 17, 2022
Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate... Moderate Unreviewed
CVE-2020-37007 was published Jan 29, 2026
WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that... High Unreviewed
CVE-2022-50926 was published Jan 14, 2026
An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The... Critical Unreviewed
CVE-2025-65212 was published Jan 6, 2026
COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that... High Unreviewed
CVE-2021-47706 was published Dec 9, 2025
A reliance on cookies without validation and integrity checking vulnerability in Fortinet... High Unreviewed
CVE-2025-64447 was published Dec 9, 2025
In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the ... Moderate Unreviewed
CVE-2025-48980 was published Oct 31, 2025
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0,... Moderate Unreviewed
CVE-2017-8034 was published May 13, 2022
An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to... Critical Unreviewed
CVE-2017-7279 was published May 13, 2022
Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an... High Unreviewed
CVE-2017-6896 was published May 13, 2022
An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a... High Unreviewed
CVE-2024-55211 was published Apr 17, 2025
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on... Moderate Unreviewed
CVE-2024-39734 was published Jul 14, 2024
The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing... Critical Unreviewed
CVE-2025-2395 was published Mar 17, 2025
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on... Moderate Unreviewed
CVE-2021-20450 was published May 3, 2024
Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions... High Unreviewed
CVE-2023-32612 was published Jun 30, 2023
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an... Moderate Unreviewed
CVE-2024-1551 was published Feb 20, 2024
Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password,... Critical Unreviewed
CVE-2024-28288 was published Mar 30, 2024
github.com/gitpod-io/gitpod vulnerable to Cookie Tossing Moderate
CVE-2024-21583 was published for github.com/gitpod-io/gitpod (Go) Jul 19, 2024
The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass... Moderate Unreviewed
CVE-2024-9820 was published Oct 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database