GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,970 advisories
Trivision NC-227WF firmware 5.80 (build 20141010) login mechanism reveals whether a username...
Moderate | Unreviewed | CVE-2025-56764 was published Sep 29, 2025

A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote...
Critical | Unreviewed | CVE-2025-56752 was published Sep 29, 2025

A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the...
High | Unreviewed | CVE-2025-11130 was published Sep 29, 2025

A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS...
High | Unreviewed | CVE-2025-20160 was published Sep 24, 2025

A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the...
High | Unreviewed | CVE-2025-10906 was published Sep 24, 2025

An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication...
Low | Unreviewed | CVE-2025-0672 was published Sep 23, 2025

A cross-tenant authentication vulnerability exists in multiple WSO2 products due to improper...
Moderate | Unreviewed | CVE-2025-0663 was published Sep 23, 2025

Improper authentication vulnerability in Novakon P series allows unauthenticated attackers to...
Critical | Unreviewed | CVE-2025-9965 was published Sep 23, 2025

Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to...
High | Unreviewed | CVE-2025-57434 was published Sep 22, 2025

A vulnerability was identified in huggingface LeRobot up to 0.3.3. Affected by this vulnerability...
Moderate | Unreviewed | CVE-2025-10772 was published Sep 22, 2025

A vulnerability was found in whuan132 AIBattery up to 1.0.9. The affected element is an unknown...
High | Unreviewed | CVE-2025-10672 was published Sep 18, 2025

Dragonfly's manager makes requests to external endpoints with disabled TLS authentication
Moderate | CVE-2025-59347 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025

Dragonfly doesn't have authentication enabled for some Manager’s endpoints
High | CVE-2025-59345 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025

This issue was addressed through improved state management. This issue is fixed in macOS Tahoe 26...
High | Unreviewed | CVE-2025-31271 was published Sep 16, 2025

A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file ...
Moderate | Unreviewed | CVE-2025-10423 was published Sep 15, 2025

Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0...
Critical | Unreviewed | CVE-2025-45583 was published Sep 12, 2025

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application....
Critical | Unreviewed | CVE-2025-10365 was published Sep 12, 2025

A vulnerability was found in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40....
Moderate | Unreviewed | CVE-2025-10288 was published Sep 12, 2025

Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
Moderate | CVE-2025-58065 was published for flask-appbuilder (pip) Sep 11, 2025

WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled
High | CVE-2025-54376 was published for github.com/SpectoLabs/hoverfly (Go) Sep 10, 2025

An issue in RTSPtoWeb v.2.4.3 allows a remote attacker to obtain sensitive information and...
Moderate | Unreviewed | CVE-2025-56578 was published Sep 10, 2025

Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One 2.0.2...
Moderate | Unreviewed | CVE-2025-10224 was published Sep 10, 2025

The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B10_ALK_SL_V01.01...
High | Unreviewed | CVE-2025-57278 was published Sep 9, 2025

SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who...
High | Unreviewed | CVE-2025-55234 was published Sep 9, 2025

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over...
High | Unreviewed | CVE-2025-54918 was published Sep 9, 2025