GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
45 advisories
Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi...
Critical, Unreviewed. CVE-2025-15385 was published Jan 6, 2026

Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni...
Critical, Unreviewed. CVE-2025-66255 was published Nov 26, 2025

Thunderbird ignored paths when checking the validity of navigations in a frame. This...
Critical, Unreviewed. CVE-2025-8038 was published Jul 22, 2025

IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks...
Critical, Unreviewed. CVE-2025-27558 was published May 21, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.750 Application 20.0.1442...
Critical, Unreviewed. CVE-2025-27680 was published Mar 5, 2025

Affected devices beacon to eCharge cloud infrastructure asking if there are any command they...
Critical, Unreviewed. CVE-2024-11666 was published Nov 25, 2024

The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not...
Critical, Unreviewed. CVE-2024-1554 was published Feb 20, 2024

Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation...
Critical, Unreviewed. CVE-2023-4699 was published Nov 6, 2023

In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address...
Critical, Unreviewed. CVE-2023-36139 was published Aug 4, 2023

In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address...
Critical, Unreviewed. CVE-2023-36134 was published Aug 4, 2023

Controller may be loaded with malicious firmware which could enable remote code execution
Critical, Unreviewed. CVE-2023-25178 was published Jul 13, 2023

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is...
Critical, Unreviewed. CVE-2022-3703 was published Jul 6, 2023

The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an...
Critical, Unreviewed. CVE-2023-3325 was published Jun 20, 2023

The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of...
Critical, Unreviewed. CVE-2023-2987 was published May 31, 2023

Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware...
Critical, Unreviewed. CVE-2023-28386 was published May 22, 2023

AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity.
Critical, Unreviewed. CVE-2023-28863 was published Apr 18, 2023

BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded...
Critical, Unreviewed. CVE-2023-27748 was published Apr 13, 2023

RSFirewall tries to identify the original IP address by looking at different HTTP headers. A...
Critical, Unreviewed. CVE-2021-4226 was published Dec 15, 2022

HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the...
Critical, Unreviewed. CVE-2022-36130 was published Sep 2, 2022

The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem...
Critical, Unreviewed. CVE-2022-30264 was published Aug 17, 2022

JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the...
Critical, Unreviewed. CVE-2022-29958 was published Jul 27, 2022

An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS...
Critical, Unreviewed. CVE-2022-31801 was published Jun 22, 2022

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS...
Critical, Unreviewed. CVE-2022-31800 was published Jun 22, 2022

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server...
Critical, Unreviewed. CVE-2022-31813 was published Jun 10, 2022
ProTip! Advisories are also available from the GraphQL API.