GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 58
GitHub Actions: 50
Go: 3,799
Maven: 5,000+
npm: 5,000+
NuGet: 938
pip: 5,000+
Pub: 13
RubyGems: 1,059
Rust: 1,351
Swift: 54
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
96 advisories
A flaw was found in the skupper console, a read-only interface that renders cluster network,...
High | Unreviewed | CVE-2024-12582 was published Dec 24, 2024

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6,...
High | Unreviewed | CVE-2026-6266 was published May 4, 2026

Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation...
Critical | Unreviewed | CVE-2026-4670 was published Apr 30, 2026

Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless...
Critical | Unreviewed | CVE-2024-50478 was published Oct 28, 2024

A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure...
Moderate | Unreviewed | CVE-2026-20152 was published Apr 15, 2026

A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 ...
Moderate | Unreviewed | CVE-2026-33892 was published Apr 14, 2026

Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users...
High | Unreviewed | CVE-2026-40039 was published Apr 13, 2026

The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and...
Moderate | Unreviewed | CVE-2023-4939 was published Oct 21, 2023

A use-after-return vulnerability exists in the `named` server when handling DNS queries signed...
Moderate | Unreviewed | CVE-2026-3591 was published Mar 25, 2026

In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all...
Critical | Unreviewed | CVE-2024-1403 was published Feb 27, 2024

A vulnerability was found in OpenShift AI that allows for authentication bypass and privilege...
High | Unreviewed | CVE-2024-7557 was published Aug 12, 2024

A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical...
Low | Unreviewed | CVE-2025-31703 was published Mar 18, 2026

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the...
Moderate | Unreviewed | CVE-2026-3784 was published Mar 11, 2026

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate...
Moderate | Unreviewed | CVE-2026-1965 was published Mar 11, 2026

Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG...
High | Unreviewed | CVE-2026-0869 was published Mar 3, 2026

Authentication bypass vulnerability in the device authentication module. Impact: Successful...
Critical | Unreviewed | CVE-2026-28536 was published Mar 5, 2026

IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS,...
Moderate | Unreviewed | CVE-2026-1713 was published Mar 3, 2026

An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet...
High | Unreviewed | CVE-2026-22153 was published Feb 10, 2026

A vulnerability in the secure configuration of authentication and management services in Brocade...
High | Unreviewed | CVE-2025-58382 was published Feb 3, 2026

Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten...
Critical | Unreviewed | CVE-2025-4320 was published Jan 23, 2026

A vulnerability in Palantir's Aries service allowed unauthenticated access to log viewing and...
Moderate | Unreviewed | CVE-2025-68609 was published Jan 22, 2026

Authentication Bypass by Primary Weakness vulnerability in Jamf Jamf Pro allows unspecified...
Moderate | Unreviewed | CVE-2026-1290 was published Jan 21, 2026

IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass...
Critical | Unreviewed | CVE-2025-13915 was published Dec 26, 2025

A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in...
High | Unreviewed | CVE-2024-10394 was published Nov 14, 2024

Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could...
Critical | Unreviewed | CVE-2024-49587 was published Dec 19, 2025
ProTip! Advisories are also available from the GraphQL API