GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3,976 advisories
Filament multi-factor authentication (app) recovery codes can be used multiple times
High
CVE-2025-67507
was published
for
filament/filament
(Composer)
Dec 9, 2025
Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions
Low
GHSA-wmjr-v86c-m9jj
was published
for
better-auth
(npm)
Nov 26, 2025
Flowise has Authentication Bypass Using Unprotected Registration Endpoint (/register)
High
GHSA-v5w9-prxf-w882
was published
for
flowise
(npm)
Nov 17, 2025
Memos' Access Tokens Stay Valid after User Password Change
High
CVE-2024-21635
was published
for
github.com/usememos/memos
(Go)
Nov 14, 2025
ZITADEL is vulnerable to Account Takeover with deactivated Instance IdP
High
CVE-2025-64717
was published
for
github.com/zitadel/zitadel
(Go)
Nov 14, 2025
sudo-rs doesn't record authenticating user properly in timestamp
Moderate
CVE-2025-64517
was published
for
sudo-rs
(Rust)
Nov 13, 2025
KubeVirt's Improper TLS Certificate Management Handling Allows API Identity Spoofing
Moderate
CVE-2025-64434
was published
for
kubevirt.io/kubevirt
(Go)
Nov 6, 2025
KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
Moderate
CVE-2025-64432
was published
for
kubevirt.io/kubevirt
(Go)
Nov 6, 2025
ProTip!
Advisories are also available from the
GraphQL API