Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,558
Maven
5,000+
npm
4,232
NuGet
751
pip
4,001
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

67 advisories

Loading
Alt Redirect: Potential Authentication Bypass by Spoofing through query-string stripping logic flaw Moderate
CVE-2025-60868 was published for alt-design/alt-redirect (Composer) Oct 10, 2025
Alt-Ben
Credited to Alt-Ben
Python Social Auth - Django has unsafe account association Moderate
CVE-2025-61783 was published for social-auth-app-django (pip) Oct 9, 2025
mel-mason vanya909
nijel
Credited to mel-mason, vanya909, and nijel
Akka.Remote TLS did not properly implement certificate-based authentication Critical
CVE-2025-61778 was published for Akka.Cluster (NuGet) Oct 7, 2025
Aaronontheweb
Credited to Aaronontheweb
Canonical LXD Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server Moderate
CVE-2025-54288 was published for github.com/canonical/lxd (Go) Oct 2, 2025
Coder AgentAPI exposed user chat history via a DNS rebinding attack Moderate
CVE-2025-59956 was published for github.com/coder/agentapi (Go) Sep 29, 2025
eharris128
Credited to eharris128
Openfire has potential identity spoofing issue via unsafe CN parsing Moderate
CVE-2025-59154 was published for org.igniterealtime.openfire:xmppserver (Maven) Sep 16, 2025
onmywaytoheaven
Credited to onmywaytoheaven
HydrAIDE Authentication Bypass Vulnerability Critical
GHSA-qp7j-x725-g67f was published for github.com/hydraide/hydraide (Go) Aug 19, 2025
yyewolf
Credited to yyewolf
OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion Critical
CVE-2025-54576 was published for github.com/oauth2-proxy/oauth2-proxy/v7 (Go) Jul 30, 2025
jennifer-recurity
Credited to jennifer-recurity
pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages High
CVE-2025-7346 was published for pyload-ng (pip) Jul 8, 2025
PinkDraconian
Credited to PinkDraconian
matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator Moderate
CVE-2025-48937 was published for matrix-sdk-crypto (Rust) Jun 10, 2025
dkasak richvdh
Credited to dkasak and richvdh
Babylon Finality Provider `MsgCommitPubRandList` replay attack High
GHSA-7mm3-vfg8-7rg6 was published for github.com/babylonlabs-io/babylon (Go) May 15, 2025
Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling High
CVE-2025-46573 was published for passport-wsfed-saml2 (npm) May 6, 2025
kevinroh-okta
Credited to kevinroh-okta
OctoPrint Authenticated Reverse Proxy Page Authentication Bypass Moderate
CVE-2025-32788 was published for octoprint (pip) Apr 22, 2025
jacopotediosi
Credited to jacopotediosi
Spring Security Vulnerable to Authorization Bypass via Security Annotations Moderate
CVE-2025-22223 was published for org.springframework.security:spring-security-core (Maven) Mar 24, 2025
Fast-JWT Improperly Validates iss Claims Moderate
CVE-2025-30144 was published for fast-jwt (npm) Mar 19, 2025
tibrn
Credited to tibrn
Vela Server Has Insufficient Webhook Payload Data Verification High
CVE-2025-27616 was published for github.com/go-vela/server (Go) Mar 10, 2025
Security Update for the OPC UA .NET Standard Stack Moderate
CVE-2024-42513 was published for OPCFoundation.NetStandard.Opc.Ua.Bindings.Https (NuGet) Mar 3, 2025
TomTervoort
Credited to TomTervoort
AspNetCore Remote Authenticator for CIE3.0 Allows SAML Response Signature Verification Bypass Critical
CVE-2025-24895 was published for CIE.AspNetCore.Authentication (NuGet) Feb 18, 2025
smaury Paupu
fromVeeko
Credited to smaury, Paupu, and fromVeeko
The AspNetCore Remote Authenticator for SPID Allows SAML Response Signature Verification Bypass Critical
CVE-2025-24894 was published for SPID.AspNetCore.Authentication (NuGet) Feb 18, 2025
smaury Paupu
fromVeeko
Credited to smaury, Paupu, and fromVeeko
Duplicate Advisory: Authentication Bypass by Spoofing in OPC UA .NET Standard Stack Moderate
GHSA-7wwr-h8cm-9jf7 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Feb 10, 2025 withdrawn
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing Moderate
CVE-2024-23953 was published for org.apache.hive:hive-llap-common (Maven) Jan 28, 2025
Oqtane Framework Incorrect Access Control vulnerability High
CVE-2024-55470 was published for Oqtane.Framework (NuGet) Dec 20, 2024
Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server High
CVE-2024-51504 was published for org.apache.zookeeper:zookeeper (Maven) Nov 7, 2024
ferdlestier
Credited to ferdlestier
Mellium allows Authentication Bypass by Spoofing Critical
CVE-2024-46957 was published for mellium.im/xmpp (Go) Sep 25, 2024
CoreDNS Cache Poisoning via a birthday attack Moderate
CVE-2023-30464 was published for github.com/coredns/coredns (Go) Sep 18, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database