Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,781
Erlang
36
GitHub Actions
29
Go
2,345
Maven
5,000+
npm
3,976
NuGet
719
pip
3,772
Pub
12
RubyGems
923
Rust
980
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

388 advisories

Loading
The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an... Critical Unreviewed
CVE-2025-3461 was published Jun 8, 2025
In the moPS App through 1.8.618, all users can access administrative API endpoints without... Critical Unreviewed
CVE-2024-55585 was published Jun 7, 2025
A missing authentication for critical function vulnerability in the client application of Soar... Critical Unreviewed
CVE-2025-5192 was published Jun 6, 2025
Instantel Micromate lacks authentication on a configuration port which could allow an attacker to... Critical Unreviewed
CVE-2025-1907 was published May 30, 2025
A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6... Critical Unreviewed
CVE-2025-22252 was published May 28, 2025
Missing Authentication & Authorization in Web-API in Mobatime AMX MTAPI v6 on IIS allows... Critical Unreviewed
CVE-2025-2407 was published May 27, 2025
Due to missing authentication on a critical function of the devices an unauthenticated remote... Critical Unreviewed
CVE-2025-41651 was published May 27, 2025
Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to... Critical Unreviewed
CVE-2025-40664 was published May 26, 2025
The embedded web server lacks authentication and access controls, allowing unrestricted remote... Critical Unreviewed
CVE-2025-36535 was published May 21, 2025
NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via... Critical Unreviewed
CVE-2024-46506 was published May 13, 2025
The specific APIs of Parking Management System from ZONG YU has a Missing Authentication... Critical Unreviewed
CVE-2025-4557 was published May 12, 2025
The web management interface of Okcat Parking Management Platform from ZONG YU has a Missing... Critical Unreviewed
CVE-2025-4555 was published May 12, 2025
WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that could allow an attacker to create... Critical Unreviewed
CVE-2025-46275 was published Apr 25, 2025
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey... Critical Unreviewed
CVE-2025-30727 was published Apr 15, 2025
An attacker could modify or disable settings, disrupt fuel monitoring and supply chain... Critical Unreviewed
CVE-2025-2567 was published Apr 15, 2025
Prisma Access Browser: Inappropriate control behavior in Prisma Access Browser Critical Unreviewed
CVE-2025-0129 was published Apr 12, 2025
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2024-13553 was published Apr 1, 2025
In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server... Critical Unreviewed
CVE-2024-8196 was published Mar 20, 2025
An unauthenticated remote attacker can gain access to the cloud API due to a lack of... Critical Unreviewed
CVE-2024-23943 was published Mar 18, 2025
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable... Critical Unreviewed
CVE-2024-13771 was published Mar 14, 2025
The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in... Critical Unreviewed
CVE-2025-1315 was published Mar 7, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368... Critical Unreviewed
CVE-2025-27642 was published Mar 5, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253... Critical Unreviewed
CVE-2025-27647 was published Mar 5, 2025
Certain functionality within GMOD Apollo does not require authentication when passed with an... Critical Unreviewed
CVE-2025-24924 was published Mar 5, 2025
The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login... Critical Unreviewed
CVE-2025-1283 was published Feb 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database