Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,426
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,670
Pub
13
RubyGems
1,029
Rust
1,212
Swift
53
Unreviewed advisories
All unreviewed
5,000+

8 advisories

Loading
ZITADEL has potential SSRF via Actions Low
CVE-2026-27945 was published for github.com/zitadel/zitadel/v2 (Go) Feb 27, 2026
IAM-marco Credited to IAM-marco and livio-a livio-a livio-a
ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API High
CVE-2026-27946 was published for github.com/zitadel/zitadel (Go) Feb 27, 2026
livio-a Credited to livio-a, IAM-marco, and MhdAsfan IAM-marco IAM-marco
MhdAsfan MhdAsfan
Zitadel has a user enumeration vulnerability in Login UIs Moderate
CVE-2026-23511 was published for github.com/zitadel/zitadel (Go) Jan 15, 2026
IAM-marco Credited to IAM-marco, livio-a, and mntns livio-a livio-a
mntns mntns
Zitadel Discloses the Total Number of Instance Users Moderate
CVE-2025-67717 was published for github.com/zitadel/zitadel (Go) Dec 10, 2025
IAM-marco Credited to IAM-marco and livio-a livio-a livio-a
ZITADEL is vulnerable to Account Takeover with deactivated Instance IdP High
CVE-2025-64717 was published for github.com/zitadel/zitadel (Go) Nov 14, 2025
livio-a Credited to livio-a, IAM-marco, and Jank1310 IAM-marco IAM-marco
Jank1310 Jank1310
Zitadel May Bypass Second Authentication Factor High
CVE-2025-64103 was published for github.com/zitadel/zitadel (Go) Oct 29, 2025
livio-a Credited to livio-a, IAM-marco, and mffap IAM-marco IAM-marco
mffap mffap
Zitadel allows brute-forcing authentication factors High
CVE-2025-64102 was published for github.com/zitadel/zitadel (Go) Oct 29, 2025
livio-a Credited to livio-a, IAM-marco, and evilgensec IAM-marco IAM-marco
evilgensec evilgensec
ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection High
CVE-2025-64101 was published for github.com/zitadel/zitadel/v2 (Go) Oct 29, 2025
amit-laish Credited to amit-laish, livio-a, and IAM-marco livio-a livio-a
IAM-marco IAM-marco
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database