Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,383
Erlang
33
GitHub Actions
22
Go
2,140
Maven
5,000+
npm
3,800
NuGet
687
pip
3,478
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

309 advisories

Loading
The control component has a spoofing vulnerability. Successful exploitation of this vulnerability... Critical Unreviewed
CVE-2022-48349 was published Mar 28, 2023
Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The... Moderate Unreviewed
CVE-2020-6158 was published Feb 21, 2025
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Night Club Booking... Moderate Unreviewed
CVE-2023-51321 was published Feb 20, 2025
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software... Moderate Unreviewed
CVE-2023-51327 was published Feb 20, 2025
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Shared Asset Booking... Moderate Unreviewed
CVE-2023-51323 was published Feb 20, 2025
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software... Moderate Unreviewed
CVE-2023-51326 was published Feb 20, 2025
AspNetCore Remote Authenticator for CIE3.0 Allows SAML Response Signature Verification Bypass Critical
CVE-2025-24895 was published for CIE.AspNetCore.Authentication (NuGet) Feb 18, 2025
smaury Paupu
fromVeeko
The AspNetCore Remote Authenticator for SPID Allows SAML Response Signature Verification Bypass Critical
CVE-2025-24894 was published for SPID.AspNetCore.Authentication (NuGet) Feb 18, 2025
smaury Paupu
fromVeeko
Authentication bypass by spoofing issue exists in FileMegane versions above 1.0.0.0 prior to 3.4... Moderate Unreviewed
CVE-2025-25055 was published Feb 18, 2025
Grafana vulnerable to Authentication Bypass by Spoofing Critical
CVE-2023-3128 was published for github.com/grafana/grafana (Go) Jun 22, 2023
Apache HugeGraph-Server: Bypass whitelist in Auth mode High
CVE-2024-27349 was published for org.apache.hugegraph:hugegraph-api (Maven) Apr 22, 2024
AMI SPx contains a vulnerability in BMC where a User may cause an authentication bypass by... High Unreviewed
CVE-2023-34329 was published Jul 18, 2023
Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote... Critical Unreviewed
CVE-2023-31424 was published Aug 31, 2023
The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and... Critical Unreviewed
CVE-2022-3180 was published Feb 12, 2025
Apache Zeppelin: Replacing other users notebook, bypassing any permissions Moderate
CVE-2024-31863 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
Authentication Bypass by Spoofing in OPC UA .NET Standard Stack Moderate
CVE-2024-42513 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Feb 10, 2025
The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1... Moderate Unreviewed
CVE-2024-36557 was published Feb 6, 2025
A missing delay in popup notifications could have made it possible for an attacker to trick a... High Unreviewed
CVE-2023-32207 was published Jun 2, 2023
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of... Low Unreviewed
CVE-2024-54158 was published Dec 4, 2024
Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to... Critical Unreviewed
CVE-2025-21415 was published Jan 30, 2025
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing Moderate
CVE-2024-23953 was published for org.apache.hive:hive-llap-common (Maven) Jan 28, 2025
Authentication Bypass by Spoofing vulnerability in BestWebSoft Google Captcha allows Identity... Moderate Unreviewed
CVE-2025-24628 was published Jan 27, 2025
By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it... Critical Unreviewed
CVE-2024-29006 was published Apr 4, 2024
In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and... High Unreviewed
CVE-2025-24458 was published Jan 21, 2025
Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a... Moderate Unreviewed
CVE-2025-0446 was published Jan 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database