GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,689 advisories
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1...
High, Unreviewed
CVE-2022-47700 was published Jan 31, 2023

IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18...
Moderate, Unreviewed
CVE-2023-38367 was published Feb 29, 2024

A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to...
Critical, Unreviewed
CVE-2022-47003 was published Feb 1, 2023

A code execution vulnerability exists in the XiaomiGetApps application product. This...
High, Unreviewed
CVE-2024-45346 was published Aug 28, 2024

Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint
High
CVE-2024-8053 was published for open-webui (pip) Mar 20, 2025

CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability...
Critical, Unreviewed
CVE-2025-2825 was published Mar 26, 2025

An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7...
High, Unreviewed
CVE-2022-42951 was published Feb 6, 2023

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of...
High, Unreviewed
CVE-2025-30116 was published Mar 18, 2025

The IHwAttestationService interface has a defect in authentication. Successful exploitation of...
High, Unreviewed
CVE-2022-48294 was published Feb 9, 2023

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the...
Critical, Unreviewed
CVE-2025-2747 was published Mar 24, 2025

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the...
Critical, Unreviewed
CVE-2025-2746 was published Mar 24, 2025

Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker...
High, Unreviewed
CVE-2024-57490 was published Mar 21, 2025

Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same...
Moderate, Unreviewed
CVE-2022-45724 was published Feb 13, 2023

A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an...
Moderate, Unreviewed
CVE-2024-20301 was published Mar 6, 2024

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Bypassing of Device...
Critical, Unreviewed
CVE-2025-30114 was published Mar 18, 2025

Parse Server has an OAuth login vulnerability
Moderate
CVE-2025-30168 was published for parse-server (npm) Mar 21, 2025

Tripp Lite PDUMH15AT 12.04.0053 devices allow unauthenticated POST requests to the /Forms/...
Critical, Unreviewed
CVE-2019-16261 was published May 24, 2022

Apache Submarine Commons Utils has a hard-coded secret
Moderate
CVE-2024-36264 was published for apache-submarine (Maven) Jun 12, 2024

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor...
Moderate, Unreviewed
CVE-2022-45168 was published Jun 10, 2024

Spring Security Does Not Enforce Password Length
High
CVE-2025-22228 was published for org.springframework.security:spring-security-crypto (Maven) Mar 20, 2025

lxd has a restricted TLS certificate privilege escalation when in PKI mode
Low
CVE-2024-6219 was published for github.com/canonical/lxd (Go) Dec 9, 2024

In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that...
Moderate, Unreviewed
CVE-2024-12869 was published Mar 20, 2025

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore...
Moderate, Unreviewed
CVE-2025-26475 was published Mar 19, 2025

there is a possible permission bypass due to Debug certs being allowlisted. This could lead to...
High, Unreviewed
CVE-2024-29757 was published Apr 5, 2024

An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate...
Moderate, Unreviewed
CVE-2024-54916 was published Feb 12, 2025
ProTip! Advisories are also available from the GraphQL API.