Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,244 advisories

Loading
An access issue was addressed with improved access restrictions. This issue is fixed in macOS... Moderate Unreviewed
CVE-2025-24271 was published Apr 29, 2025
WGS-80HPT-V2 and WGS-4215-8T2S are missing authentication that could allow an attacker to create... Critical Unreviewed
CVE-2025-46275 was published Apr 25, 2025
HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated... Low Unreviewed
CVE-2024-42178 was published Apr 18, 2025
Rasa Pro Missing Authentication For Voice Connector APIs Moderate
CVE-2025-32377 was published for rasa-pro (pip) Apr 17, 2025
Mattermost Missing Authentication for Critical Function Low
CVE-2025-27538 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey... Critical Unreviewed
CVE-2025-30727 was published Apr 15, 2025
An attacker could modify or disable settings, disrupt fuel monitoring and supply chain... Critical Unreviewed
CVE-2025-2567 was published Apr 15, 2025
ash_authentication has email link auto-click account confirmation vulnerability Moderate
CVE-2025-32782 was published for ash_authentication (Erlang) Apr 14, 2025
zachdaniel jimsynz
maennchen barnabasJ sevenseacat
Prisma Access Browser: Inappropriate control behavior in Prisma Access Browser Critical Unreviewed
CVE-2025-0129 was published Apr 12, 2025
Missing Authentication for Critical Function vulnerability in Drupal Panels allows Exploiting... Moderate Unreviewed
CVE-2025-3474 was published Apr 9, 2025
Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac... High Unreviewed
CVE-2025-29870 was published Apr 9, 2025
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web... High Unreviewed
CVE-2024-41793 was published Apr 8, 2025
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web... Moderate Unreviewed
CVE-2024-41791 was published Apr 8, 2025
Duplicate Advisory: Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint Critical
GHSA-c995-4fw3-j39m was published for langflow (pip) Apr 7, 2025 withdrawn
In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to... Moderate Unreviewed
CVE-2025-32357 was published Apr 5, 2025
HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential... Moderate Unreviewed
CVE-2025-0257 was published Apr 3, 2025
Missing authentication for critical function vulnerability exists in AssetView and AssetView... High Unreviewed
CVE-2025-25060 was published Apr 2, 2025
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2024-13553 was published Apr 1, 2025
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 /... Moderate Unreviewed
CVE-2024-56469 was published Mar 27, 2025
A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is... High Unreviewed
CVE-2024-45356 was published Mar 27, 2025
A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is... Moderate Unreviewed
CVE-2024-45355 was published Mar 27, 2025
A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B&R... High Unreviewed
CVE-2024-45483 was published Mar 25, 2025
HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information... Moderate Unreviewed
CVE-2025-0256 was published Mar 24, 2025
Mattermost Fails to Enforce MFA on Plugin Endpoints High
CVE-2025-25068 was published for github.com/mattermost/mattermost/server/v8 (Go) Mar 21, 2025
In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server... Critical Unreviewed
CVE-2024-8196 was published Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database