Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,128
NuGet
735
pip
3,944
Pub
12
RubyGems
945
Rust
1,024
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,247 advisories

Loading
HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information... Moderate Unreviewed
CVE-2025-0256 was published Mar 24, 2025
Mattermost Fails to Enforce MFA on Plugin Endpoints High
CVE-2025-25068 was published for github.com/mattermost/mattermost/server/v8 (Go) Mar 21, 2025
In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server... Critical Unreviewed
CVE-2024-8196 was published Mar 20, 2025
Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint High
CVE-2024-8053 was published for open-webui (pip) Mar 20, 2025
Missing authentication for critical function vulnerability in the webapi component in Synology... High Unreviewed
CVE-2024-50630 was published Mar 19, 2025
On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam... High Unreviewed
CVE-2025-30111 was published Mar 18, 2025
CosmWasm Allows Bypass of Capability Restrictions in Blockchains Moderate
CVE-2025-25500 was published for cosmwasm (Rust) Mar 18, 2025
An unauthenticated remote attacker can gain access to the cloud API due to a lack of... Critical Unreviewed
CVE-2024-23943 was published Mar 18, 2025
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2024-13772 was published Mar 14, 2025
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable... Critical Unreviewed
CVE-2024-13771 was published Mar 14, 2025
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.8),... Moderate Unreviewed
CVE-2024-52285 was published Mar 11, 2025
SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular... Moderate Unreviewed
CVE-2025-23194 was published Mar 11, 2025
Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup... High Unreviewed
CVE-2025-27256 was published Mar 10, 2025
The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in... Critical Unreviewed
CVE-2025-1315 was published Mar 7, 2025
The School Management System for Wordpress plugin for WordPress is vulnerable to privilege... High Unreviewed
CVE-2024-9658 was published Mar 7, 2025
Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular... High Unreviewed
CVE-2024-31525 was published Mar 5, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368... Critical Unreviewed
CVE-2025-27642 was published Mar 5, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253... Critical Unreviewed
CVE-2025-27647 was published Mar 5, 2025
Certain functionality within GMOD Apollo does not require authentication when passed with an... Critical Unreviewed
CVE-2025-24924 was published Mar 5, 2025
The Login Me Now plugin for WordPress is vulnerable to authentication bypass in versions up to,... High Unreviewed
CVE-2025-1717 was published Feb 27, 2025
Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to... High Unreviewed
CVE-2025-21355 was published Feb 20, 2025
Server-Side Access Control Bypass vulnerability in WombatDialer before 25.02 could allow... Moderate Unreviewed
CVE-2024-57055 was published Feb 18, 2025
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version)... Moderate Unreviewed
CVE-2025-25224 was published Feb 18, 2025
An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote or local attacker to modify... Moderate Unreviewed
CVE-2024-57725 was published Feb 14, 2025
The administrative web interface of mySCADA myPRO Manager can be accessed without... Critical Unreviewed
CVE-2025-24865 was published Feb 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database