Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,815
Erlang
36
GitHub Actions
32
Go
2,399
Maven
5,000+
npm
4,040
NuGet
723
pip
3,830
Pub
12
RubyGems
933
Rust
1,002
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,190 advisories

Loading
An unauthenticated remote attacker can run arbitrary commands on the affected devices with high... Critical Unreviewed
CVE-2025-41656 was published Jul 1, 2025
The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a... High Unreviewed
CVE-2024-8419 was published Jun 30, 2025
Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated... Critical Unreviewed
CVE-2025-5310 was published Jun 27, 2025
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G... Critical Unreviewed
CVE-2025-3699 was published Jun 27, 2025
Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure... High Unreviewed
CVE-2025-6678 was published Jun 26, 2025
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2... High Unreviewed
CVE-2025-32978 was published Jun 26, 2025
An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device... High Unreviewed
CVE-2025-3090 was published Jun 26, 2025
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload... Critical Unreviewed
CVE-2025-48469 was published Jun 26, 2025
OpenBao allows cancellation of root rekey and recovery rekey operations without authentication Moderate
CVE-2025-52894 was published for github.com/openbao/openbao/api/v2 (Go) Jun 26, 2025
cipherboy
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18... Moderate Unreviewed
CVE-2025-1754 was published Jun 26, 2025
An issue was discovered on COROS PACE 3 devices through 3.0808.0. The BLE implementation of the... Moderate Unreviewed
CVE-2025-32876 was published Jun 20, 2025
IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due... High Unreviewed
CVE-2025-3319 was published Jun 20, 2025
Apache SeaTunnel: Unauthenticated insecure access Low
CVE-2025-32896 was published for org.apache.seatunnel:seatunnel-engine-common (Maven) Jun 19, 2025
A web application for configuring the controller is accessible at a specific path. It contains an... High Unreviewed
CVE-2025-25265 was published Jun 16, 2025
MCP Inspector proxy server lacks authentication between the Inspector client and proxy Critical
CVE-2025-49596 was published for @modelcontextprotocol/inspector (npm) Jun 13, 2025
JLLeitschuh
A vulnerability has been identified in Perfect Harmony GH180 (All versions >= V8.0 < V8.3.3 with... Moderate Unreviewed
CVE-2024-35295 was published Jun 11, 2025
The Archify application contains a local privilege escalation vulnerability due to insufficient... High Unreviewed
CVE-2024-9062 was published Jun 11, 2025
A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This... Moderate Unreviewed
CVE-2025-5906 was published Jun 10, 2025
CyberData  011209 Intercom exposes features that could allow an unauthenticated to gain ... High Unreviewed
CVE-2025-26468 was published Jun 10, 2025
BackendAI Missing Authentication for Critical Function Critical
CVE-2025-49652 was published for backend.ai (pip) Jun 9, 2025
The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an... Critical Unreviewed
CVE-2025-3461 was published Jun 8, 2025
In the moPS App through 1.8.618, all users can access administrative API endpoints without... Critical Unreviewed
CVE-2024-55585 was published Jun 7, 2025
A missing authentication for critical function vulnerability in the client application of Soar... Critical Unreviewed
CVE-2025-5192 was published Jun 6, 2025
The wallet has an authentication bypass vulnerability that allows access to specific pages. Moderate Unreviewed
CVE-2025-5719 was published Jun 6, 2025
Instantel Micromate lacks authentication on a configuration port which could allow an attacker to... Critical Unreviewed
CVE-2025-1907 was published May 30, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database