Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

509 advisories

Loading
Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization High
CVE-2026-48020 was published for github.com/traefik/traefik/v2 (Go) Jun 11, 2026
H4ck2 Credited to H4ck2
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and... Critical Unreviewed
CVE-2026-10523 was published Jun 9, 2026
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the... High Unreviewed
CVE-2026-5415 was published Jun 5, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP... High Unreviewed
CVE-2026-40780 was published Jun 2, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System... High Unreviewed
CVE-2026-42654 was published Jun 2, 2026
Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*` Moderate
CVE-2026-47200 was published for @nuxt/nitro-server (npm) May 29, 2026
rmtsixq Credited to rmtsixq
Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or... Critical Unreviewed
CVE-2025-41273 was published May 29, 2026
Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64... High Unreviewed
CVE-2026-8697 was published May 28, 2026
A user with physical access to a smartphone can bypass authentication mechanism of Kidsview... Moderate Unreviewed
CVE-2026-8990 was published May 28, 2026
Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can... Critical Unreviewed
CVE-2026-35087 was published May 27, 2026
In Slican telephone exchanges it is possible to manage the control panel remotely. An... Critical Unreviewed
CVE-2026-35090 was published May 27, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online... High Unreviewed
CVE-2026-42745 was published May 27, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable... High Unreviewed
CVE-2026-42749 was published May 27, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and... High Unreviewed
CVE-2026-42760 was published May 27, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare... High Unreviewed
CVE-2026-42735 was published May 27, 2026
FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection High
CVE-2026-43945 was published for @frangoteam/fuxa (npm) May 26, 2026
ud444ng Credited to ud444ng
SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker with... Low Unreviewed
CVE-2025-68708 was published May 26, 2026
AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android... Low Unreviewed
CVE-2025-68711 was published May 26, 2026
Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android... Low Unreviewed
CVE-2025-68710 was published May 26, 2026
Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemeHigh Stripe... Moderate Unreviewed
CVE-2026-45217 was published May 26, 2026
Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C... Critical Unreviewed
CVE-2026-33843 was published May 26, 2026
An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras.... Critical Unreviewed
CVE-2026-8598 was published May 20, 2026
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an... Critical Unreviewed
CVE-2026-24207 was published May 20, 2026
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an... High Unreviewed
CVE-2026-24206 was published May 20, 2026
Neotoma: Unauthenticated Inspector/API access via reverse-proxy loopback auth bypass Moderate
CVE-2026-45577 was published for neotoma (npm) May 18, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database