GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
391 advisories
IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due...
High · Unreviewed · CVE-2025-3319 was published Jun 20, 2025

A web application for configuring the controller is accessible at a specific path. It contains an...
High · Unreviewed · CVE-2025-25265 was published Jun 16, 2025

The Archify application contains a local privilege escalation vulnerability due to insufficient...
High · Unreviewed · CVE-2024-9062 was published Jun 11, 2025

CyberData 011209 Intercom exposes features that could allow an unauthenticated to gain ...
High · Unreviewed · CVE-2025-26468 was published Jun 10, 2025

An unauthenticated remote attacker can access a URL which causes the device to reboot.
High · Unreviewed · CVE-2025-41655 was published May 26, 2025

In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing...
High · Unreviewed · CVE-2025-48391 was published May 20, 2025

A vulnerability has been identified in Desigo CC (All versions if access from Installed Clients...
High · Unreviewed · CVE-2024-23815 was published May 13, 2025

WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to...
High · Unreviewed · CVE-2025-3758 was published May 8, 2025

Endpoint /cgi-bin-igd/netcore_set.cgi which is used for changing device configuration is...
High · Unreviewed · CVE-2025-3759 was published May 8, 2025

A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could...
High · Unreviewed · CVE-2025-20210 was published May 7, 2025

Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac...
High · Unreviewed · CVE-2025-29870 was published Apr 9, 2025

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web...
High · Unreviewed · CVE-2024-41793 was published Apr 8, 2025

Missing authentication for critical function vulnerability exists in AssetView and AssetView...
High · Unreviewed · CVE-2025-25060 was published Apr 2, 2025

A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is...
High · Unreviewed · CVE-2024-45356 was published Mar 27, 2025

A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B&R...
High · Unreviewed · CVE-2024-45483 was published Mar 25, 2025

Missing authentication for critical function vulnerability in the webapi component in Synology...
High · Unreviewed · CVE-2024-50630 was published Mar 19, 2025

On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam...
High · Unreviewed · CVE-2025-30111 was published Mar 18, 2025

Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup...
High · Unreviewed · CVE-2025-27256 was published Mar 10, 2025

The School Management System for Wordpress plugin for WordPress is vulnerable to privilege...
High · Unreviewed · CVE-2024-9658 was published Mar 7, 2025

Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular...
High · Unreviewed · CVE-2024-31525 was published Mar 5, 2025

The Login Me Now plugin for WordPress is vulnerable to authentication bypass in versions up to,...
High · Unreviewed · CVE-2025-1717 was published Feb 27, 2025

Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to...
High · Unreviewed · CVE-2025-21355 was published Feb 20, 2025

An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated...
High · Unreviewed · CVE-2025-0108 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free...
High · Unreviewed · CVE-2025-26365 was published Feb 12, 2025

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free...
High · Unreviewed · CVE-2025-26362 was published Feb 12, 2025