GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
450 advisories
Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup...
High
Unreviewed
CVE-2025-27256
was published
Mar 10, 2025
The School Management System for Wordpress plugin for WordPress is vulnerable to privilege...
High
Unreviewed
CVE-2024-9658
was published
Mar 7, 2025
A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to...
High
Unreviewed
CVE-2024-40717
was published
Dec 4, 2024
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
High
Unreviewed
CVE-2024-21006
was published
Apr 17, 2024
TIANJIE CPE906-3 is vulnerable to password disclosure. This is present on Software Version WEB5...
High
Unreviewed
CVE-2022-47703
was published
Feb 17, 2023
Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password...
High
Unreviewed
CVE-2022-44216
was published
Feb 20, 2023
Missing authentication for critical function vulnerability in the webapi component in Synology...
High
Unreviewed
CVE-2024-50630
was published
Mar 19, 2025
An issue in Plug n Play Camera com.starvedia.mCamView.zwave 5.5.1 allows a remote attacker to...
High
Unreviewed
CVE-2024-48791
was published
Oct 14, 2024
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting...
High
Unreviewed
CVE-2025-24472
was published
Feb 11, 2025
Mattermost Fails to Enforce MFA on Plugin Endpoints
High
CVE-2025-25068
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Mar 21, 2025
The bundle management module lacks authentication and control mechanisms in some APIs. Successful...
High
Unreviewed
CVE-2022-48289
was published
Feb 9, 2023
The bundle management module lacks authentication and control mechanisms in some APIs. Successful...
High
Unreviewed
CVE-2022-48288
was published
Feb 9, 2023
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this...
High
Unreviewed
CVE-2022-48300
was published
Feb 9, 2023
On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam...
High
Unreviewed
CVE-2025-30111
was published
Mar 18, 2025
A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B&R...
High
Unreviewed
CVE-2024-45483
was published
Mar 25, 2025
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this...
High
Unreviewed
CVE-2022-48299
was published
Feb 9, 2023
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
High
Unreviewed
CVE-2024-21183
was published
Jul 17, 2024
Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint
High
CVE-2024-8053
was published
for
open-webui
(pip)
Mar 20, 2025
An unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is...
High
Unreviewed
CVE-2024-45356
was published
Mar 27, 2025
Missing authentication for critical function vulnerability exists in AssetView and AssetView...
High
Unreviewed
CVE-2025-25060
was published
Apr 2, 2025
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An...
High
Unreviewed
CVE-2021-43447
was published
Jan 23, 2023
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web...
High
Unreviewed
CVE-2024-41793
was published
Apr 8, 2025
Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac...
High
Unreviewed
CVE-2025-29870
was published
Apr 9, 2025
An authentication issue was addressed with improved state management. This issue is fixed in...
High
Unreviewed
CVE-2023-40393
was published
Jan 11, 2024
Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials....
High
Unreviewed
CVE-2022-45423
was published
Dec 27, 2022