GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,352
Composer 4,362
Erlang 33
GitHub Actions 22
Go 2,134
Maven 5,313
npm 3,797
NuGet 687
pip 3,473
Pub 12
RubyGems 896
Rust 897
Swift 38

Unreviewed advisories

All unreviewed 245,318

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

364 advisories

Filter by severity

Sort by

Least recently updated

The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed

CVE-2024-8943 was published Oct 8, 2024

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version... Critical Unreviewed

CVE-2022-40684 was published Oct 18, 2022

Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality,... Critical Unreviewed

CVE-2024-8584 was published Sep 9, 2024

The administrative web interface of mySCADA myPRO Manager can be accessed without... Critical Unreviewed

CVE-2025-24865 was published Feb 14, 2025

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote... Critical Unreviewed

CVE-2025-0896 was published Feb 13, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q... Critical Unreviewed

CVE-2025-26344 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free... Critical Unreviewed

CVE-2025-26345 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free... Critical Unreviewed

CVE-2025-26339 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q... Critical Unreviewed

CVE-2025-26341 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q... Critical Unreviewed

CVE-2025-26342 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free... Critical Unreviewed

CVE-2025-26347 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free... Critical Unreviewed

CVE-2025-26361 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q... Critical Unreviewed

CVE-2025-26359 was published Feb 12, 2025

Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability Critical Unreviewed

CVE-2025-21198 was published Feb 11, 2025

Built-in SMS-configuration command in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1... Critical Unreviewed

CVE-2024-36555 was published Feb 6, 2025

The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in... Critical Unreviewed

CVE-2024-7503 was published Aug 12, 2024

The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does... Critical Unreviewed

CVE-2010-5326 was published May 13, 2022

Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege... Critical Unreviewed

CVE-2023-51478 was published Apr 25, 2024

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and... Critical Unreviewed

CVE-2021-44077 was published Nov 30, 2021

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass... Critical Unreviewed

CVE-2024-9644 was published Feb 4, 2025

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component:... Critical Unreviewed

CVE-2025-21524 was published Jan 21, 2025

An unauthenticated remote attacker can modify configurations to perform a remote code execution... Critical Unreviewed

CVE-2024-25995 was published Mar 12, 2024

The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed

CVE-2024-10284 was published Nov 9, 2024

The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business... Critical Unreviewed

CVE-2022-26143 was published Mar 11, 2022

Undisclosed requests may bypass configuration utility authentication, allowing an attacker... Critical Unreviewed

CVE-2023-46747 was published Oct 26, 2023

Previous 1 2 3 4 5 … 14 15 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

364 advisories