Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,669
Erlang
34
GitHub Actions
26
Go
2,261
Maven
5,000+
npm
3,910
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

246 advisories

Loading
An improper authentication control vulnerability exists in AiCloud. This vulnerability can be... Critical Unreviewed
CVE-2025-2492 was published Apr 18, 2025
HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated... Low Unreviewed
CVE-2024-42178 was published Apr 18, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos allows... High Unreviewed
CVE-2025-39535 was published Apr 17, 2025
In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to... Moderate Unreviewed
CVE-2025-32357 was published Apr 5, 2025
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2024-13553 was published Apr 1, 2025
Apache Pinot Vulnerable to Authentication Bypass Critical
CVE-2024-56325 was published for org.apache.pinot:pinot (Maven) Apr 1, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in ho3einie Material... Critical Unreviewed
CVE-2025-31095 was published Apr 1, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos allows... High Unreviewed
CVE-2025-22277 was published Apr 1, 2025
Drupal Two-factor Authentication (TFA) Vulnerable to Forceful Browsing Low
CVE-2025-31694 was published for drupal/tfa (Composer) Apr 1, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4,... High Unreviewed
CVE-2025-24095 was published Apr 1, 2025
VMware Tools for Windows contains an authentication bypass vulnerability due to improper access... High Unreviewed
CVE-2025-22230 was published Mar 25, 2025
On 70mai Dash Cam 1S devices, by connecting directly to the dashcam's network and accessing the... High Unreviewed
CVE-2025-30112 was published Mar 24, 2025
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via... Critical Unreviewed
CVE-2024-13442 was published Mar 19, 2025
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2024-13772 was published Mar 14, 2025
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable... Critical Unreviewed
CVE-2024-13771 was published Mar 14, 2025
The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to,... Critical Unreviewed
CVE-2024-11286 was published Mar 14, 2025
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1... Critical Unreviewed
CVE-2025-2080 was published Mar 13, 2025
This vulnerability exists in the CAP back office application due to improper implementation of... High Unreviewed
CVE-2025-29996 was published Mar 13, 2025
The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in... Critical Unreviewed
CVE-2024-13446 was published Mar 12, 2025
The School Management System for Wordpress plugin for WordPress is vulnerable to privilege... High Unreviewed
CVE-2024-9658 was published Mar 7, 2025
The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in... Critical Unreviewed
CVE-2025-1315 was published Mar 7, 2025
The Homey theme for WordPress is vulnerable to authentication bypass in versions up to, and... High Unreviewed
CVE-2025-0749 was published Mar 7, 2025
The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all... Critical Unreviewed
CVE-2025-1515 was published Mar 5, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed
CVE-2025-27658 was published Mar 5, 2025
Authentication bypass vulnerability exists in FutureNet AS series (Industrial Routers) provided... High Unreviewed
CVE-2025-24846 was published Mar 3, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database