Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,850
Erlang
36
GitHub Actions
34
Go
2,480
Maven
5,000+
npm
4,097
NuGet
734
pip
3,910
Pub
12
RubyGems
945
Rust
1,014
Swift
39
Unreviewed advisories
All unreviewed
5,000+

450 advisories

Loading
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2... High Unreviewed
CVE-2025-32978 was published Jun 26, 2025
An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device... High Unreviewed
CVE-2025-3090 was published Jun 26, 2025
IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due... High Unreviewed
CVE-2025-3319 was published Jun 20, 2025
A web application for configuring the controller is accessible at a specific path. It contains an... High Unreviewed
CVE-2025-25265 was published Jun 16, 2025
The Archify application contains a local privilege escalation vulnerability due to insufficient... High Unreviewed
CVE-2024-9062 was published Jun 11, 2025
CyberData  011209 Intercom exposes features that could allow an unauthenticated to gain ... High Unreviewed
CVE-2025-26468 was published Jun 10, 2025
An unauthenticated remote attacker can access a URL which causes the device to reboot. High Unreviewed
CVE-2025-41655 was published May 26, 2025
An unauthenticated remote attacker can access information about running processes via the SNMP... High Unreviewed
CVE-2025-41654 was published May 26, 2025
In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing... High Unreviewed
CVE-2025-48391 was published May 20, 2025
A vulnerability has been identified in Desigo CC (All versions if access from Installed Clients... High Unreviewed
CVE-2024-23815 was published May 13, 2025
Endpoint /cgi-bin-igd/netcore_set.cgi which is used for changing device configuration is... High Unreviewed
CVE-2025-3759 was published May 8, 2025
WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to... High Unreviewed
CVE-2025-3758 was published May 8, 2025
A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could... High Unreviewed
CVE-2025-20210 was published May 7, 2025
Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac... High Unreviewed
CVE-2025-29870 was published Apr 9, 2025
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web... High Unreviewed
CVE-2024-41793 was published Apr 8, 2025
Missing authentication for critical function vulnerability exists in AssetView and AssetView... High Unreviewed
CVE-2025-25060 was published Apr 2, 2025
A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is... High Unreviewed
CVE-2024-45356 was published Mar 27, 2025
A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B&R... High Unreviewed
CVE-2024-45483 was published Mar 25, 2025
Mattermost Fails to Enforce MFA on Plugin Endpoints High
CVE-2025-25068 was published for github.com/mattermost/mattermost/server/v8 (Go) Mar 21, 2025
Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint High
CVE-2024-8053 was published for open-webui (pip) Mar 20, 2025
Missing authentication for critical function vulnerability in the webapi component in Synology... High Unreviewed
CVE-2024-50630 was published Mar 19, 2025
On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam... High Unreviewed
CVE-2025-30111 was published Mar 18, 2025
Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup... High Unreviewed
CVE-2025-27256 was published Mar 10, 2025
The School Management System for Wordpress plugin for WordPress is vulnerable to privilege... High Unreviewed
CVE-2024-9658 was published Mar 7, 2025
Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular... High Unreviewed
CVE-2024-31525 was published Mar 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database