Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,780
Erlang
36
GitHub Actions
29
Go
2,344
Maven
5,000+
npm
3,973
NuGet
719
pip
3,770
Pub
12
RubyGems
923
Rust
978
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

282 advisories

Loading
The SSL Zen WordPress plugin before 4.6.0 only relies on the use of .htaccess to prevent... Moderate Unreviewed
CVE-2024-1076 was published May 8, 2024
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2024-13772 was published Mar 14, 2025
A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This... Moderate Unreviewed
CVE-2025-5906 was published Jun 10, 2025
A vulnerability has been identified in Perfect Harmony GH180 (All versions >= V8.0 < V8.3.3 with... Moderate Unreviewed
CVE-2024-35295 was published Jun 11, 2025
The wallet has an authentication bypass vulnerability that allows access to specific pages. Moderate Unreviewed
CVE-2025-5719 was published Jun 6, 2025
The installer in SIGB PMB before 8.0.1.2 allows remote code execution. Moderate Unreviewed
CVE-2025-48742 was published May 27, 2025
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and... Moderate Unreviewed
CVE-2019-6538 was published May 13, 2022
The devices do not implement any authentication for the web interface or the MQTT server. An... Moderate Unreviewed
CVE-2025-27803 was published May 21, 2025
In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue... Moderate Unreviewed
CVE-2025-47850 was published May 20, 2025
Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticated API requests. Moderate Unreviewed
CVE-2022-35136 was published Oct 14, 2022
Missing authentication for critical function issue exists in I-O DATA network attached hard disk ... Moderate Unreviewed
CVE-2025-32738 was published May 15, 2025
A missing authentication vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an... Moderate Unreviewed
CVE-2025-0132 was published May 14, 2025
CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections... Moderate Unreviewed
CVE-2025-44039 was published May 13, 2025
The ISOinsight from Netvision has a Missing Authentication vulnerability, allowing... Moderate Unreviewed
CVE-2025-4560 was published May 12, 2025
A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based... Moderate Unreviewed
CVE-2025-4382 was published May 9, 2025
A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This... Moderate Unreviewed
CVE-2025-4268 was published May 5, 2025
Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0... Moderate Unreviewed
CVE-2022-3312 was published Nov 2, 2022
IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive... Moderate Unreviewed
CVE-2025-1495 was published May 3, 2025
An access issue was addressed with improved access restrictions. This issue is fixed in macOS... Moderate Unreviewed
CVE-2025-24271 was published Apr 29, 2025
VMware Workspace ONE Access and Identity Manager contain a broken authentication vulnerability.... Moderate Unreviewed
CVE-2022-31701 was published Dec 14, 2022
A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that... Moderate Unreviewed
CVE-2017-6872 was published May 13, 2022
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests... Moderate Unreviewed
CVE-2016-10364 was published May 13, 2022
A specially crafted script could cause the DeltaV Distributed Control System Controllers (All... Moderate Unreviewed
CVE-2021-26264 was published Jan 29, 2022
In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to... Moderate Unreviewed
CVE-2025-32357 was published Apr 5, 2025
Some Dahua software products have a vulnerability of unauthenticated search for devices. After... Moderate Unreviewed
CVE-2022-45432 was published Dec 27, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database