GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,020 advisories

RustFS has a gRPC Hardcoded Token Authentication Bypass
Critical | CVE-2025-68926 was published for rustfs (Rust) Dec 30, 2025

An issue was discovered in Zeroheight (SaaS) prior to 2025-06-13. A legacy user creation API...
Moderate | Unreviewed | CVE-2025-65925 was published Dec 30, 2025

An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate...
Critical | Unreviewed | CVE-2025-56333 was published Dec 29, 2025

Improper Authentication vulnerability in Gmission Web Fax allows Privilege Escalation. This issue...
High | Unreviewed | CVE-2025-15069 was published Dec 29, 2025

A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts...
Moderate | Unreviewed | CVE-2025-15135 was published Dec 28, 2025

A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects...
Moderate | Unreviewed | CVE-2025-15099 was published Dec 26, 2025

A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality...
Moderate | Unreviewed | CVE-2025-15097 was published Dec 26, 2025

Vulnerability in Tyche softwares Product Delivery Date for WooCommerce – Lite. This issue affects...
Moderate | Unreviewed | CVE-2023-52210 was published Dec 23, 2025

There is an improper authentication vulnerability in some Hikvision DVR products. Due to the...
Moderate | Unreviewed | CVE-2025-66174 was published Dec 19, 2025

A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown...
Moderate | Unreviewed | CVE-2025-14908 was published Dec 19, 2025

An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed...
Moderate | Unreviewed | CVE-2025-13427 was published Dec 19, 2025

Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated...
Moderate | Unreviewed | CVE-2025-14738 was published Dec 18, 2025

An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through...
Critical | Unreviewed | CVE-2025-67791 was published Dec 18, 2025

A vulnerability in the application software of multiple Radiometer products may allow remote code...
High | Unreviewed | CVE-2025-14097 was published Dec 17, 2025

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass via brute force in...
High | Unreviewed | CVE-2025-14002 was published Dec 16, 2025

A vulnerability has been found in Ningyuanda TC155 57.0.2.0. The affected element is an unknown...
Moderate | Unreviewed | CVE-2025-14746 was published Dec 16, 2025

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed...
High | Unreviewed | CVE-2025-65781 was published Dec 15, 2025

django-allauth's Okta and NetIQ implementations used a mutable identifier for authorization decisions
Moderate | CVE-2025-65431 was published for django-allauth (pip) Dec 15, 2025

Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates
Moderate | CVE-2025-37731 was published for org.elasticsearch:elasticsearch (Maven) Dec 15, 2025

A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown...
Moderate | Unreviewed | CVE-2025-14703 was published Dec 15, 2025

A weakness has been identified in haxxorsid Stock-Management-System up to...
Moderate | Unreviewed | CVE-2025-14567 was published Dec 12, 2025

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when...
Moderate | Unreviewed | CVE-2025-10684 was published Dec 12, 2025

Filament multi-factor authentication (app) recovery codes can be used multiple times
High | CVE-2025-67507 was published for filament/filament (Composer) Dec 9, 2025

The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login ...
Critical | Unreviewed | CVE-2025-12374 was published Dec 5, 2025

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local...
Critical | Unreviewed | CVE-2025-64055 was published Dec 3, 2025

ProTip! Advisories are also available from the GraphQL API.