Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,780
Erlang
36
GitHub Actions
29
Go
2,344
Maven
5,000+
npm
3,973
NuGet
719
pip
3,770
Pub
12
RubyGems
923
Rust
978
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

388 advisories

Loading
In the moPS App through 1.8.618, all users can access administrative API endpoints without... Critical Unreviewed
CVE-2024-55585 was published Jun 7, 2025
Missing authentication for critical function vulnerability in First Corporation's DVRs allows a... Critical Unreviewed
CVE-2023-47674 was published Nov 16, 2023
The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an... Critical Unreviewed
CVE-2025-3461 was published Jun 8, 2025
A missing authentication for critical function vulnerability in the client application of Soar... Critical Unreviewed
CVE-2025-5192 was published Jun 6, 2025
The router console is accessible without authentication at "data" field, and while a user needs... Critical Unreviewed
CVE-2023-49255 was published Jan 12, 2024
Instantel Micromate lacks authentication on a configuration port which could allow an attacker to... Critical Unreviewed
CVE-2025-1907 was published May 30, 2025
A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6... Critical Unreviewed
CVE-2025-22252 was published May 28, 2025
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2024-13553 was published Apr 1, 2025
Missing Authentication & Authorization in Web-API in Mobatime AMX MTAPI v6 on IIS allows... Critical Unreviewed
CVE-2025-2407 was published May 27, 2025
Due to missing authentication on a critical function of the devices an unauthenticated remote... Critical Unreviewed
CVE-2025-41651 was published May 27, 2025
Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to... Critical Unreviewed
CVE-2025-40664 was published May 26, 2025
The embedded web server lacks authentication and access controls, allowing unrestricted remote... Critical Unreviewed
CVE-2025-36535 was published May 21, 2025
Prisma Access Browser: Inappropriate control behavior in Prisma Access Browser Critical Unreviewed
CVE-2025-0129 was published Apr 12, 2025
NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via... Critical Unreviewed
CVE-2024-46506 was published May 13, 2025
The specific APIs of Parking Management System from ZONG YU has a Missing Authentication... Critical Unreviewed
CVE-2025-4557 was published May 12, 2025
The web management interface of Okcat Parking Management Platform from ZONG YU has a Missing... Critical Unreviewed
CVE-2025-4555 was published May 12, 2025
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows... Critical Unreviewed
CVE-2022-0992 was published Apr 20, 2022
WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that could allow an attacker to create... Critical Unreviewed
CVE-2025-46275 was published Apr 25, 2025
Telepad allows remote unauthenticated users to send instructions to the server to execute... Critical Unreviewed
CVE-2022-45477 was published Dec 5, 2022
The default configuration of Lazy Mouse does not require a password, allowing remote... Critical Unreviewed
CVE-2022-45481 was published Dec 5, 2022
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through... Critical Unreviewed
CVE-2022-46414 was published Dec 4, 2022
PC Keyboard allows remote unauthenticated users to send instructions to the server to execute... Critical Unreviewed
CVE-2022-45479 was published Dec 5, 2022
Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4... Critical Unreviewed
CVE-2022-42458 was published Dec 7, 2022
Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an... Critical Unreviewed
CVE-2017-18001 was published May 13, 2022
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail... Critical Unreviewed
CVE-2017-3184 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database