GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,652
Erlang: 34
GitHub Actions: 26
Go: 2,257
Maven: 5,000+
npm: 3,909
NuGet: 704
pip: 3,680
Pub: 12
RubyGems: 915
Rust: 943
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
787 advisories

The Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) plugin for...
Severity: Moderate; Unreviewed; CVE-2025-1284 was published Apr 24, 2025

This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on...
Severity: Critical; Unreviewed; CVE-2025-42605 was published Apr 23, 2025

An authorization bypass in Unblu Spark allows a participant of a conversation to replace an...
Severity: High; Unreviewed; CVE-2025-3519 was published Apr 22, 2025

Authorization Bypass Through User-Controlled Key vulnerability in Scott Taylor Avatar allows...
Severity: Moderate; Unreviewed; CVE-2025-39434 was published Apr 17, 2025

Unauthenticated attackers can query information about total energy consumed by EV chargers of...
Severity: Moderate; Unreviewed; CVE-2025-31147 was published Apr 16, 2025

Unauthenticated attackers can retrieve serial number of smart meters associated to a specific...
Severity: Moderate; Unreviewed; CVE-2025-30257 was published Apr 16, 2025

Unauthenticated attackers can trigger device actions associated with specific "scenes" of...
Severity: Moderate; Unreviewed; CVE-2025-31360 was published Apr 16, 2025

An attacker can get information about the groups of the smart home devices for arbitrary users (i...
Severity: Moderate; Unreviewed; CVE-2025-31654 was published Apr 16, 2025

An unauthenticated attacker can obtain other users' charger information.
Severity: Moderate; Unreviewed; CVE-2025-31945 was published Apr 16, 2025

An unauthenticated attacker can obtain EV charger energy consumption information of other users.
Severity: Moderate; Unreviewed; CVE-2025-31950 was published Apr 16, 2025

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username...
Severity: Moderate; Unreviewed; CVE-2025-27927 was published Apr 16, 2025

Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts.
Severity: Moderate; Unreviewed; CVE-2025-27929 was published Apr 16, 2025

Unauthenticated attackers can rename "rooms" of arbitrary users.
Severity: Moderate; Unreviewed; CVE-2025-27561 was published Apr 16, 2025

An unauthenticated attacker can delete any user's "rooms" by knowing the user's and room IDs.
Severity: Moderate; Unreviewed; CVE-2025-27565 was published Apr 16, 2025

An unauthenticated attacker can obtain EV charger version and firmware upgrading history by...
Severity: Moderate; Unreviewed; CVE-2025-27575 was published Apr 16, 2025

Unauthenticated attackers can query an API endpoint and get device details.
Severity: Moderate; Unreviewed; CVE-2025-27719 was published Apr 16, 2025

Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers).
Severity: Moderate; Unreviewed; CVE-2025-26857 was published Apr 16, 2025

An unauthenticated attacker can hijack other users' devices and potentially control them.
Severity: Moderate; Unreviewed; CVE-2025-25276 was published Apr 16, 2025

Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of...
Severity: Moderate; Unreviewed; CVE-2025-24315 was published Apr 16, 2025

An attacker can export other users' plant information.
Severity: Moderate; Unreviewed; CVE-2025-24850 was published Apr 16, 2025

An unauthenticated attacker can check the existence of usernames in the system by querying an API.
Severity: Moderate; Unreviewed; CVE-2025-31933 was published Apr 15, 2025

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username.
Severity: Moderate; Unreviewed; CVE-2025-31941 was published Apr 15, 2025

An authenticated attacker can obtain any plant name by knowing the plant ID.
Severity: Moderate; Unreviewed; CVE-2025-31949 was published Apr 15, 2025

An unauthenticated attacker can obtain a user's plant list by knowing the username.
Severity: Moderate; Unreviewed; CVE-2025-31357 was published Apr 15, 2025

An attacker can change registered email addresses of other users and take over arbitrary accounts.
Severity: Moderate; Unreviewed; CVE-2025-27939 was published Apr 15, 2025

ProTip! Advisories are also available from the GraphQL API.