Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

208 advisories

Loading
OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other... Critical Unreviewed
CVE-2025-22956 was published Sep 8, 2025
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can... Critical Unreviewed
CVE-2024-3596 was published Jul 9, 2024
Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to... Critical Unreviewed
CVE-2024-39335 was published Aug 26, 2025
Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in... Critical Unreviewed
CVE-2025-7426 was published Aug 25, 2025
In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid... Critical Unreviewed
CVE-2025-27845 was published Aug 14, 2025
An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service... Critical Unreviewed
CVE-2025-43986 was published Aug 13, 2025
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either... Critical Unreviewed
CVE-2025-30127 was published Aug 6, 2025
This issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6... Critical Unreviewed
CVE-2025-43189 was published Jul 30, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Critical Unreviewed
CVE-2025-31279 was published Jul 30, 2025
An unauthenticated information disclosure vulnerability exists in the WordPress Total Upkeep... Critical Unreviewed
CVE-2025-34084 was published Jul 9, 2025
A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent... Critical Unreviewed
CVE-2025-34064 was published Jul 1, 2025
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and... Critical Unreviewed
CVE-2023-47029 was published Jun 23, 2025
Component exposure vulnerability in the Wi-Fi module. Successful exploitation of this... Critical Unreviewed
CVE-2023-52101 was published Jan 16, 2024
An information disclosure vulnerability exists in Aquatronica Controller System firmware versions... Critical Unreviewed
CVE-2025-25037 was published Jun 20, 2025
Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the... Critical Unreviewed
CVE-2023-51154 was published Jan 4, 2024
Exposure of sensitive information to an unauthorized actor in Power Automate allows an... Critical Unreviewed
CVE-2025-47966 was published Jun 5, 2025
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take... Critical Unreviewed
CVE-2020-26167 was published May 24, 2022
PrinterShare Android application allows the capture of Gmail authentication tokens that can be... Critical Unreviewed
CVE-2025-5098 was published May 23, 2025
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have... Critical Unreviewed
CVE-2017-3185 was published May 13, 2022
Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows... Critical Unreviewed
CVE-2017-13664 was published May 17, 2022
A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary... Critical Unreviewed
CVE-2016-1265 was published May 13, 2022
The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability... Critical Unreviewed
CVE-2017-11435 was published May 13, 2022
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-... Critical Unreviewed
CVE-2017-9788 was published May 13, 2022
dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and... Critical Unreviewed
CVE-2017-11165 was published May 17, 2022
A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an... Critical Unreviewed
CVE-2017-6709 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database