Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,247 advisories

Loading
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 /... Moderate Unreviewed
CVE-2024-56469 was published Mar 27, 2025
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2024-13553 was published Apr 1, 2025
Missing authentication for critical function vulnerability exists in AssetView and AssetView... High Unreviewed
CVE-2025-25060 was published Apr 2, 2025
HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential... Moderate Unreviewed
CVE-2025-0257 was published Apr 3, 2025
In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to... Moderate Unreviewed
CVE-2025-32357 was published Apr 5, 2025
Duplicate Advisory: Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint Critical
GHSA-c995-4fw3-j39m was published for langflow (pip) Apr 7, 2025 withdrawn
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web... High Unreviewed
CVE-2024-41793 was published Apr 8, 2025
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web... Moderate Unreviewed
CVE-2024-41791 was published Apr 8, 2025
Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac... High Unreviewed
CVE-2025-29870 was published Apr 9, 2025
Missing Authentication for Critical Function vulnerability in Drupal Panels allows Exploiting... Moderate Unreviewed
CVE-2025-3474 was published Apr 9, 2025
Prisma Access Browser: Inappropriate control behavior in Prisma Access Browser Critical Unreviewed
CVE-2025-0129 was published Apr 12, 2025
ash_authentication has email link auto-click account confirmation vulnerability Moderate
CVE-2025-32782 was published for ash_authentication (Erlang) Apr 14, 2025
zachdaniel jimsynz
maennchen barnabasJ sevenseacat
An attacker could modify or disable settings, disrupt fuel monitoring and supply chain... Critical Unreviewed
CVE-2025-2567 was published Apr 15, 2025
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey... Critical Unreviewed
CVE-2025-30727 was published Apr 15, 2025
Mattermost Missing Authentication for Critical Function Low
CVE-2025-27538 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
Rasa Pro Missing Authentication For Voice Connector APIs Moderate
CVE-2025-32377 was published for rasa-pro (pip) Apr 17, 2025
HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated... Low Unreviewed
CVE-2024-42178 was published Apr 18, 2025
WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that could allow an attacker to create... Critical Unreviewed
CVE-2025-46275 was published Apr 25, 2025
An access issue was addressed with improved access restrictions. This issue is fixed in macOS... Moderate Unreviewed
CVE-2025-24271 was published Apr 29, 2025
IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive... Moderate Unreviewed
CVE-2025-1495 was published May 3, 2025
A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This... Moderate Unreviewed
CVE-2025-4268 was published May 5, 2025
A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could... High Unreviewed
CVE-2025-20210 was published May 7, 2025
WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to... High Unreviewed
CVE-2025-3758 was published May 8, 2025
Endpoint /cgi-bin-igd/netcore_set.cgi which is used for changing device configuration is... High Unreviewed
CVE-2025-3759 was published May 8, 2025
A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based... Moderate Unreviewed
CVE-2025-4382 was published May 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database