GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
441 advisories
WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that could allow an attacker to create...
Critical • Unreviewed • CVE-2025-46275 was published Apr 25, 2025

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey...
Critical • Unreviewed • CVE-2025-30727 was published Apr 15, 2025

An attacker could modify or disable settings, disrupt fuel monitoring and supply chain...
Critical • Unreviewed • CVE-2025-2567 was published Apr 15, 2025

Prisma Access Browser: Inappropriate control behavior in Prisma Access Browser
Critical • Unreviewed • CVE-2025-0129 was published Apr 12, 2025

Duplicate Advisory: Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint
Critical • GHSA-c995-4fw3-j39m was published for langflow (pip) Apr 7, 2025 • withdrawn

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege...
Critical • Unreviewed • CVE-2024-13553 was published Apr 1, 2025

In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server...
Critical • Unreviewed • CVE-2024-8196 was published Mar 20, 2025

An unauthenticated remote attacker can gain access to the cloud API due to a lack of...
Critical • Unreviewed • CVE-2024-23943 was published Mar 18, 2025

The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable...
Critical • Unreviewed • CVE-2024-13771 was published Mar 14, 2025

The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in...
Critical • Unreviewed • CVE-2025-1315 was published Mar 7, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253...
Critical • Unreviewed • CVE-2025-27647 was published Mar 5, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368...
Critical • Unreviewed • CVE-2025-27642 was published Mar 5, 2025

Certain functionality within GMOD Apollo does not require authentication when passed with an...
Critical • Unreviewed • CVE-2025-24924 was published Mar 5, 2025

The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login...
Critical • Unreviewed • CVE-2025-1283 was published Feb 14, 2025

The administrative web interface of mySCADA myPRO Manager can be accessed without...
Critical • Unreviewed • CVE-2025-24865 was published Feb 14, 2025

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote...
Critical • Unreviewed • CVE-2025-0896 was published Feb 13, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free...
Critical • Unreviewed • CVE-2025-26361 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q...
Critical • Unreviewed • CVE-2025-26359 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/guest-mode/routes.lua in Q...
Critical • Unreviewed • CVE-2025-26344 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free...
Critical • Unreviewed • CVE-2025-26345 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q...
Critical • Unreviewed • CVE-2025-26342 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/menu/routes.lua in Q-Free...
Critical • Unreviewed • CVE-2025-26347 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxtime/handleRoute.lua in Q-Free...
Critical • Unreviewed • CVE-2025-26339 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q...
Critical • Unreviewed • CVE-2025-26341 was published Feb 12, 2025

Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability
Critical • Unreviewed • CVE-2025-21198 was published Feb 11, 2025
ProTip! Advisories are also available from the GraphQL API