GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
380 advisories
@fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)
High | CVE-2026-22037 was published for @fastify/express (npm) | Jan 20, 2026

The Registration & Login with Mobile Phone Number for WooCommerce plugin for WordPress is...
Critical | Unreviewed | CVE-2025-10484 was published | Jan 17, 2026

An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0...
High | Unreviewed | CVE-2025-68707 was published | Jan 13, 2026

A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS...
Moderate | Unreviewed | CVE-2025-46286 was published | Jan 10, 2026

A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an...
High | Unreviewed | CVE-2025-67070 was published | Jan 9, 2026

In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass vulnerabilities exists...
Moderate | Unreviewed | CVE-2025-67282 was published | Jan 9, 2026

Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics...
Critical | Unreviewed | CVE-2025-67915 was published | Jan 8, 2026

Authentication Bypass Using an Alternate Path or Channel vulnerability in RiceTheme Felan...
Critical | Unreviewed | CVE-2025-23504 was published | Jan 8, 2026

Authentication bypass issue exists in OpenBlocks series versions prior to FW5.0.8, which may...
High | Unreviewed | CVE-2026-21411 was published | Jan 6, 2026

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure...
Moderate | Unreviewed | CVE-2025-3652 was published | Jan 4, 2026

Authentication Bypass Using an Alternate Path or Channel vulnerability in Nuvation Energy Multi...
Critical | Unreviewed | CVE-2025-64121 was published | Jan 3, 2026

Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling
Critical | CVE-2025-68620 was published for signalk-server (npm) | Jan 2, 2026

DVP-12SE11T - Password Protection Bypass
Critical | Unreviewed | CVE-2025-15102 was published | Dec 30, 2025

Authentication Bypass Using an Alternate Path or Channel vulnerability in Mobile Builder Mobile...
Critical | Unreviewed | CVE-2025-68860 was published | Dec 30, 2025

Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn...
Critical | Unreviewed | CVE-2025-64236 was published | Dec 18, 2025

An Authentication Bypass vulnerability existed where the application bundled an interpreter ...
Low | Unreviewed | CVE-2025-14714 was published | Dec 15, 2025

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18...
Moderate | Unreviewed | CVE-2025-11984 was published | Dec 11, 2025

Filament multi-factor authentication (app) recovery codes can be used multiple times
High | CVE-2025-67507 was published for filament/filament (Composer) | Dec 9, 2025

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users...
Moderate | Unreviewed | CVE-2025-66200 was published | Dec 5, 2025

DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user...
High | Unreviewed | CVE-2025-66238 was published | Dec 5, 2025

The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all...
Critical | Unreviewed | CVE-2025-13539 was published | Nov 27, 2025

Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability...
Critical | Unreviewed | CVE-2025-10571 was published | Nov 20, 2025

The Itel DAB MUX (IDMUX build c041640a) is vulnerable to Authentication Bypass due to improper...
Critical | Unreviewed | CVE-2025-63217 was published | Nov 19, 2025

Drupal Email TFA allows Functionality Bypass
Moderate | CVE-2025-12760 was published for drupal/email_tfa (Composer) | Nov 18, 2025

@apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields
High | CVE-2025-64530 was published for @apollo/composition (npm) | Nov 14, 2025