Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
61
GitHub Actions
50
Go
3,828
Maven
5,000+
npm
5,000+
NuGet
942
pip
5,000+
Pub
13
RubyGems
1,060
Rust
1,357
Swift
54
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

52 advisories

Loading
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto... Moderate Unreviewed
CVE-2026-0257 was published May 13, 2026
The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions... Critical Unreviewed
CVE-2025-14440 was published Dec 13, 2025
The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege... High Unreviewed
CVE-2026-5130 was published Mar 31, 2026
Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. ... Critical Unreviewed
CVE-2014-125112 was published Mar 26, 2026
V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain... High Unreviewed
CVE-2008-5784 was published May 17, 2022
Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate... Moderate Unreviewed
CVE-2020-37007 was published Jan 29, 2026
WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that... High Unreviewed
CVE-2022-50926 was published Jan 14, 2026
An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The... Critical Unreviewed
CVE-2025-65212 was published Jan 6, 2026
COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that... High Unreviewed
CVE-2021-47706 was published Dec 9, 2025
A reliance on cookies without validation and integrity checking vulnerability in Fortinet... High Unreviewed
CVE-2025-64447 was published Dec 9, 2025
In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the ... Moderate Unreviewed
CVE-2025-48980 was published Oct 31, 2025
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0,... Moderate Unreviewed
CVE-2017-8034 was published May 13, 2022
An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to... Critical Unreviewed
CVE-2017-7279 was published May 13, 2022
Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an... High Unreviewed
CVE-2017-6896 was published May 13, 2022
An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a... High Unreviewed
CVE-2024-55211 was published Apr 17, 2025
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on... Moderate Unreviewed
CVE-2024-39734 was published Jul 14, 2024
The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing... Critical Unreviewed
CVE-2025-2395 was published Mar 17, 2025
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on... Moderate Unreviewed
CVE-2021-20450 was published May 3, 2024
Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions... High Unreviewed
CVE-2023-32612 was published Jun 30, 2023
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an... Moderate Unreviewed
CVE-2024-1551 was published Feb 20, 2024
Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password,... Critical Unreviewed
CVE-2024-28288 was published Mar 30, 2024
The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass... Moderate Unreviewed
CVE-2024-9820 was published Oct 15, 2024
The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote... High Unreviewed
CVE-2024-9970 was published Oct 15, 2024
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics... Critical Unreviewed
CVE-2024-0947 was published Jun 27, 2024
The device allows an unauthenticated attacker to bypass authentication and modify the cookie to... High Unreviewed
CVE-2024-21872 was published Apr 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database