GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 27,905
Composer 5,452
Erlang 46
GitHub Actions 47
Go 3,340
Maven 6,338
npm 5,367
NuGet 881
pip 4,549
Pub 12
RubyGems 1,012
Rust 1,202
Swift 51

Unreviewed advisories

All unreviewed 295,465

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

61 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk... Critical Unreviewed

CVE-2026-30793 was published Mar 5, 2026

The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) implements a broken authentication... Critical Unreviewed

CVE-2026-30702 was published Mar 18, 2026

It was identified that under certain specific preconditions, an API key that was originally... Critical Unreviewed

CVE-2024-37282 was published Jan 30, 2026

Azure Entra ID Elevation of Privilege Vulnerability Critical Unreviewed

CVE-2026-24305 was published Jan 23, 2026

Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate... Critical Unreviewed

CVE-2025-65041 was published Dec 19, 2025

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers... Critical Unreviewed

CVE-2023-53895 was published Dec 16, 2025

In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not... Critical Unreviewed

CVE-2025-58386 was published Dec 2, 2025

In pig-mesh In Pig version 3.8.2 and below, within the Token Management function under the System... Critical Unreviewed

CVE-2025-63691 was published Nov 7, 2025

An authorization issue was addressed with improved state management. This issue is fixed in tvOS... Critical Unreviewed

CVE-2025-31255 was published Sep 16, 2025

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 ... Critical Unreviewed

CVE-2021-28799 was published May 24, 2022

In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control,... Critical Unreviewed

CVE-2024-9095 was published Mar 20, 2025

Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate... Critical Unreviewed

CVE-2025-53795 was published Aug 21, 2025

The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to... Critical Unreviewed

CVE-2025-7778 was published Aug 15, 2025

Azure Portal Elevation of Privilege Vulnerability Critical Unreviewed

CVE-2025-53792 was published Aug 7, 2025

Improper authorization in Azure Machine Learning allows an authorized attacker to elevate... Critical Unreviewed

CVE-2025-49746 was published Jul 18, 2025

Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges... Critical Unreviewed

CVE-2025-29827 was published May 9, 2025

The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing... Critical Unreviewed

CVE-2025-4631 was published May 31, 2025

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a... Critical Unreviewed

CVE-2025-4104 was published May 7, 2025

The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper... Critical Unreviewed

CVE-2025-3918 was published May 3, 2025

Improper authorization in Azure allows an authorized attacker to elevate privileges over a network. Critical Unreviewed

CVE-2025-30390 was published Apr 30, 2025

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate... Critical Unreviewed

CVE-2025-30392 was published Apr 30, 2025

Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function... Critical Unreviewed

CVE-2025-29659 was published Apr 21, 2025

An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions... Critical Unreviewed

CVE-2017-6044 was published May 13, 2022

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid... Critical Unreviewed

CVE-2025-20125 was published Feb 5, 2025

Because the web management interface for Unified Intents' Unified Remote solution does not itself... Critical Unreviewed

CVE-2022-3229 was published Feb 7, 2023

Previous1…3 Next

Previous 1 2 3 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

61 advisories