Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,361
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,794
NuGet
685
pip
3,473
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,629 advisories

Loading
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to hijack a user's... High Unreviewed
CVE-2025-0981 was published Feb 18, 2025
Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of... Critical Unreviewed
CVE-2025-1298 was published Feb 14, 2025
The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to... High Unreviewed
CVE-2024-13528 was published Feb 12, 2025
An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate... Moderate Unreviewed
CVE-2024-54916 was published Feb 12, 2025
Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows... Critical Unreviewed
CVE-2025-1044 was published Feb 11, 2025
Windows Remote Desktop Configuration Service Tampering Vulnerability Moderate Unreviewed
CVE-2025-21349 was published Feb 11, 2025
An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to... Moderate Unreviewed
CVE-2024-52968 was published Feb 11, 2025
Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an... Moderate Unreviewed
CVE-2025-1231 was published Feb 11, 2025
Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal... High Unreviewed
CVE-2024-46434 was published Feb 10, 2025
A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This... Moderate Unreviewed
CVE-2025-1104 was published Feb 7, 2025
When multiple server blocks are configured to share the same IP address and port, an attacker can... Moderate Unreviewed
CVE-2025-23419 was published Feb 5, 2025
An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via... Critical Unreviewed
CVE-2024-48445 was published Feb 5, 2025
**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy... Critical Unreviewed
CVE-2025-0890 was published Feb 4, 2025
If LDAP settings are accessed, authentication could be redirected to another server, potentially... Moderate Unreviewed
CVE-2024-12510 was published Feb 3, 2025
API Security bypass through header manipulation Moderate Unreviewed
CVE-2024-55925 was published Jan 23, 2025
It has been found that the Beta10 software does not provide for proper authorisation control in... Critical Unreviewed
CVE-2025-0637 was published Jan 23, 2025
Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak Moderate
CVE-2025-0604 was published for org.keycloak:keycloak-ldap-federation (Maven) Jan 22, 2025
matrix-media-repo (MMR) allows unauthenticated writes to the media repository, which may allow planting of problematic content Moderate
CVE-2024-36402 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
Sentry's improper authentication on SAML SSO process allows user impersonation Critical
CVE-2025-22146 was published for sentry (pip) Jan 15, 2025
Muhammad-Qasim-Munir
A denial-of-service vulnerability exists in CyberPower PowerPanel Business (PPB) 4.11.0. An... High Unreviewed
CVE-2024-11322 was published Jan 15, 2025
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content... Critical Unreviewed
CVE-2024-12919 was published Jan 14, 2025
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to... Critical Unreviewed
CVE-2025-0070 was published Jan 14, 2025
HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys,... Moderate Unreviewed
CVE-2024-42172 was published Jan 11, 2025
A user with administrator privileges is able to retrieve authentication tokens Moderate Unreviewed
CVE-2024-9133 was published Jan 11, 2025
Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly... Moderate Unreviewed
CVE-2024-13309 was published Jan 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database