Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,411
Erlang
33
GitHub Actions
22
Go
2,146
Maven
5,000+
npm
3,808
NuGet
687
pip
3,481
Pub
12
RubyGems
897
Rust
899
Swift
38
Unreviewed advisories
All unreviewed
5,000+

897 advisories

Loading
The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 (and... Critical Unreviewed
CVE-2022-41545 was published Feb 18, 2025
A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits... Critical Unreviewed
CVE-2024-57045 was published Feb 18, 2025
A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier... Critical Unreviewed
CVE-2024-57049 was published Feb 18, 2025
A vulnerability in the TP-Link WR840N v6 router with firmware version 0.9.1 4.16 and earlier... Critical Unreviewed
CVE-2024-57050 was published Feb 18, 2025
Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of... Critical Unreviewed
CVE-2025-1298 was published Feb 14, 2025
Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows... Critical Unreviewed
CVE-2025-1044 was published Feb 11, 2025
An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via... Critical Unreviewed
CVE-2024-48445 was published Feb 5, 2025
**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy... Critical Unreviewed
CVE-2025-0890 was published Feb 4, 2025
It has been found that the Beta10 software does not provide for proper authorisation control in... Critical Unreviewed
CVE-2025-0637 was published Jan 23, 2025
Sentry's improper authentication on SAML SSO process allows user impersonation Critical
CVE-2025-22146 was published for sentry (pip) Jan 15, 2025
Muhammad-Qasim-Munir
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content... Critical Unreviewed
CVE-2024-12919 was published Jan 14, 2025
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to... Critical Unreviewed
CVE-2025-0070 was published Jan 14, 2025
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote... Critical Unreviewed
CVE-2024-53704 was published Jan 9, 2025
The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all... Critical Unreviewed
CVE-2024-12264 was published Jan 7, 2025
The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all... Critical Unreviewed
CVE-2024-12287 was published Dec 18, 2024
The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all... Critical Unreviewed
CVE-2024-11015 was published Dec 12, 2024
AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s Critical
CVE-2024-53990 was published for org.asynchttpclient:async-http-client (Maven) Dec 2, 2024
pickypg
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability.... Critical Unreviewed
CVE-2024-11680 was published Nov 26, 2024
The web application uses a weak authentication mechanism to verify that a request is coming from... Critical Unreviewed
CVE-2024-45369 was published Nov 23, 2024
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes Critical
CVE-2024-47533 was published for cobbler (pip) Nov 18, 2024
opoplawski
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless... Critical Unreviewed
CVE-2024-50478 was published Oct 28, 2024
In WhatsUp Gold versions released before 2024.0.0,  an Authentication Bypass issue exists which... Critical Unreviewed
CVE-2024-7763 was published Oct 24, 2024
Improper Authentication vulnerability in Apache Solr Critical
CVE-2024-45216 was published for org.apache.solr:solr (Maven) Oct 16, 2024
The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in... Critical Unreviewed
CVE-2020-36832 was published Oct 16, 2024
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an... Critical Unreviewed
CVE-2024-45115 was published Oct 10, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database