GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
444 advisories
TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u...
Critical | Unreviewed | CVE-2025-55895 was published Dec 15, 2025

Plesk 18.0 has Incorrect Access Control.
Critical | Unreviewed | CVE-2025-66430 was published Dec 12, 2025

Neuron MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”)
Critical | CVE-2025-67510 was published for neuron-core/neuron-ai (Composer) Dec 9, 2025

Mautic user without privileged access to the Marketplace can install and uninstall composer packages
Critical | CVE-2025-13828 was published for mautic/core (Composer) Dec 2, 2025

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a...
Critical | Unreviewed | CVE-2025-59703 was published Dec 2, 2025

An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to...
Critical | Unreviewed | CVE-2025-63525 was published Dec 1, 2025

An unauthenticated administrative access vulnerability exists in the open-source HashTech project...
Critical | Unreviewed | CVE-2025-65276 was published Nov 26, 2025

Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and...
Critical | Unreviewed | CVE-2025-55469 was published Nov 26, 2025

The Axel Technology StreamerMAX MK II devices (firmware versions 0.8.5 to 1.0.3) are vulnerable...
Critical | Unreviewed | CVE-2025-63223 was published Nov 19, 2025

The Axel Technology puma devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken...
Critical | Unreviewed | CVE-2025-63221 was published Nov 19, 2025

The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable...
Critical | Unreviewed | CVE-2025-63218 was published Nov 19, 2025

The Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX) is vulnerable to Broken Access...
Critical | Unreviewed | CVE-2025-63225 was published Nov 18, 2025

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert...
Critical | Unreviewed | CVE-2025-54339 was published Nov 14, 2025

An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert...
Critical | Unreviewed | CVE-2025-54343 was published Nov 14, 2025

Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an Improper Access Control...
Critical | Unreviewed | CVE-2025-46608 was published Nov 12, 2025

A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi...
Critical | Unreviewed | CVE-2025-63353 was published Nov 12, 2025

Tenda AC15 v15.03.05.18_multi issues an authentication cookie that exposes the account password...
Critical | Unreviewed | CVE-2025-63666 was published Nov 12, 2025

Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw...
Critical | Unreviewed | CVE-2025-12480 was published Nov 10, 2025

A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code...
Critical | Unreviewed | CVE-2025-48983 was published Oct 31, 2025

A critical severity vulnerability has been identified in the ALPR Manager role of Security Center...
Critical | Unreviewed | CVE-2025-43027 was published Oct 30, 2025

An issue was discovered in eTimeTrackLite Web thru 12.0 (20250704). There is a permission control...
Critical | Unreviewed | CVE-2025-60291 was published Oct 27, 2025

An improper access control vulnerability exists in multiple WSO2 products due to insufficient...
Critical | Unreviewed | CVE-2025-9804 was published Oct 16, 2025

code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege...
Critical | Unreviewed | CVE-2025-60306 was published Oct 10, 2025

Azure Entra ID Elevation of Privilege Vulnerability
Critical | Unreviewed | CVE-2025-59218 was published Oct 9, 2025

In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability...
Critical | Unreviewed | CVE-2025-36636 was published Oct 8, 2025