Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,489
Maven
5,000+
npm
5,000+
NuGet
892
pip
4,745
Pub
13
RubyGems
1,033
Rust
1,228
Swift
53
Unreviewed advisories
All unreviewed
5,000+

463 advisories

Loading
Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate... High Unreviewed
CVE-2026-25357 was published Mar 25, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress &... High Unreviewed
CVE-2026-25002 was published Mar 25, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in Wasiliy Strecker /... Critical Unreviewed
CVE-2026-25035 was published Mar 25, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in Dokan, Inc. Dokan dokan... High Unreviewed
CVE-2026-24359 was published Mar 25, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows... Moderate Unreviewed
CVE-2026-3214 was published Mar 25, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable... High Unreviewed
CVE-2026-1917 was published Mar 25, 2026
Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149 and... Critical Unreviewed
CVE-2026-4700 was published Mar 24, 2026
Vikunja has a 2FA Bypass via Caldav Basic Auth Moderate
CVE-2026-33315 was published for code.vikunja.io/api (Go) Mar 20, 2026
alp1n3-dev Credited to alp1n3-dev
Spring Boot has an Authentication Bypass under Actuator CloudFoundry endpoints High
CVE-2026-22733 was published for org.springframework.boot:spring-boot-starter-actuator (Maven) Mar 20, 2026
Spring Boot has an Authentication Bypass under Actuator Health groups paths High
CVE-2026-22731 was published for org.springframework.boot:spring-boot-starter-actuator (Maven) Mar 20, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themepaste Admin Safety... High Unreviewed
CVE-2026-25471 was published Mar 19, 2026
OpenClaw: /api/channels gateway-auth boundary bypass via path canonicalization mismatch Moderate
CVE-2026-32031 was published for openclaw (npm) Mar 12, 2026
tdjackey Credited to tdjackey
Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote... Moderate Unreviewed
CVE-2026-3930 was published Mar 12, 2026
An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages... Critical Unreviewed
CVE-2025-67039 was published Mar 11, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18... Moderate Unreviewed
CVE-2026-0602 was published Mar 11, 2026
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to... Critical Unreviewed
CVE-2026-27842 was published Mar 11, 2026
Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent... High Unreviewed
CVE-2026-26117 was published Mar 10, 2026
An authentication bypass using an alternate path or channel vulnerability in Fortinet... High Unreviewed
CVE-2026-22572 was published Mar 10, 2026
EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass... Moderate Unreviewed
CVE-2026-30777 was published Mar 5, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes... Critical Unreviewed
CVE-2026-27389 was published Mar 5, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes... High Unreviewed
CVE-2026-27390 was published Mar 5, 2026
A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software... Critical Unreviewed
CVE-2026-20079 was published Mar 4, 2026
OpenClaw has encoded-path auth bypass in plugin `/api/channels` route classification High
CVE-2026-32004 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable... Critical Unreviewed
CVE-2026-2628 was published Mar 3, 2026
SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type... High Unreviewed
CVE-2026-22205 was published Feb 26, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database