Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,967
Maven
5,000+
npm
5,000+
NuGet
973
pip
5,000+
Pub
13
RubyGems
1,064
Rust
1,387
Swift
56
Unreviewed advisories
All unreviewed
5,000+

701 advisories

Loading
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote... High Unreviewed
CVE-2026-1603 was published Feb 10, 2026
DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows... High Unreviewed
CVE-2020-37157 was published Feb 7, 2026
ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows... High Unreviewed
CVE-2020-37146 was published Feb 7, 2026
Sliver has DNS C2 OTP Bypass that Allows Unauthenticated Session Flooding and Denial of Service High
CVE-2026-25791 was published for github.com/bishopfox/sliver (Go) Feb 6, 2026
xtle0o0 Credited to xtle0o0
OpenClaw vulnerable to Unauthenticated Local RCE via WebSocket config.apply High
CVE-2026-25593 was published for openclaw (npm) Feb 4, 2026
hackerman70000 Credited to hackerman70000
FUXA contains an Unrestricted File Upload vulnerability High
CVE-2025-69981 was published for fuxa-server (npm) Feb 3, 2026
FUXA contains an insecure default configuration vulnerability High
CVE-2025-69970 was published for fuxa-server (npm) Feb 3, 2026
An unauthenticated remote attacker could potentially disrupt operations by switching between... High Unreviewed
CVE-2022-50977 was published Feb 2, 2026
An unauthenticated remote attacker could potentially disrupt operations by switching between... High Unreviewed
CVE-2022-50978 was published Feb 2, 2026
Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability... High Unreviewed
CVE-2020-36963 was published Jan 28, 2026
Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability.... High Unreviewed
CVE-2026-0778 was published Jan 23, 2026
Dragonfly Manager Job API Unauthenticated Access High
CVE-2026-24124 was published for d7y.io/dragonfly/v2 (Go) Jan 22, 2026
b0b0haha Credited to b0b0haha and gaius-qi gaius-qi gaius-qi
Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that... High Unreviewed
CVE-2021-47802 was published Jan 21, 2026
Statistics Database System developed by Gotac has a Missing Authentication vulnerability,... High Unreviewed
CVE-2026-1023 was published Jan 16, 2026
OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution High
CVE-2026-22812 was published for opencode-ai (npm) Jan 13, 2026
CyberShadow Credited to CyberShadow
Missing authentication for critical function in SQL Server allows an authorized attacker to... High Unreviewed
CVE-2026-20803 was published Jan 13, 2026
SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid... High Unreviewed
CVE-2026-0492 was published Jan 13, 2026
Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure... High Unreviewed
CVE-2025-66049 was published Jan 9, 2026
FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated... High Unreviewed
CVE-2017-20213 was published Jan 8, 2026
Bagisto Missing Authentication on Installer API Endpoints High
CVE-2026-21446 was published for bagisto/bagisto (Composer) Jan 2, 2026
mhzcyber Credited to mhzcyber
Langflow Missing Authentication on Critical API Endpoints High
CVE-2026-21445 was published for langflow (pip) Jan 2, 2026
kj84park Credited to kj84park and juh0ng juh0ng juh0ng
Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers... High Unreviewed
CVE-2024-58336 was published Dec 31, 2025
Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product... High Unreviewed
CVE-2025-66377 was published Dec 25, 2025
A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific... High Unreviewed
CVE-2025-3232 was published Dec 24, 2025
Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that... High Unreviewed
CVE-2019-25240 was published Dec 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database