Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,974
Maven
5,000+
npm
4,621
NuGet
788
pip
4,317
Pub
12
RubyGems
984
Rust
1,131
Swift
49
Unreviewed advisories
All unreviewed
5,000+

280 advisories

Loading
When connecting to the Solax Cloud MQTT server the username is the "registration number", which... Moderate Unreviewed
CVE-2025-15574 was published Feb 12, 2026
Triton VM has a Soundness Vulnerability due to Improper Sampling of Randomness Low
GHSA-rjr4-v43m-pxq6 was published for triton-vm (Rust) Jan 21, 2026
knqyf263
Credited to knqyf263
Jervis Has Weak Random for Timing Attack Mitigation High
CVE-2025-68704 was published for net.gleske:jervis (Maven) Jan 13, 2026
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for... Moderate Unreviewed
CVE-2025-11723 was published Jan 6, 2026
The Login Lockdown & Protection plugin for WordPress is vulnerable to IP Block Bypass in all... Moderate Unreviewed
CVE-2025-11707 was published Dec 13, 2025
Predictable default Wi-Fi Password in Access Point functionality in EZCast Pro II version 1.17478... Critical Unreviewed
CVE-2025-13955 was published Dec 10, 2025
gokey allows secret recovery from a seed file without the master password High
CVE-2025-13353 was published for github.com/cloudflare/gokey (Go) Dec 2, 2025
An issue in Technitium through v13.2.2 enables attackers to conduct a DNS cache poisoning attack... High Unreviewed
CVE-2024-56089 was published Dec 1, 2025
An authentication bypass vulnerability has been identified in the IFTTT integration feature. A... High Unreviewed
CVE-2025-59371 was published Nov 25, 2025
In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public... High Unreviewed
CVE-2025-13470 was published Nov 21, 2025
The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-12787 was published Nov 11, 2025
The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not... Moderate Unreviewed
CVE-2025-6515 was published Oct 20, 2025
The Banhammer – Monitor Site Traffic, Block Bad Users and Bots plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-10745 was published Sep 26, 2025
form-data uses unsafe random function in form-data for choosing boundary Critical
CVE-2025-7783 was published for form-data (npm) Jul 21, 2025
benweissmann ljharb
Credited to benweissmann and ljharb
A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0.... Moderate Unreviewed
CVE-2025-6931 was published Jul 1, 2025
Vantage6 Server JWT secret not cryptographically secure Low
CVE-2025-43866 was published for vantage6-server (pip) Jun 12, 2025
The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be... Low Unreviewed
CVE-2025-49198 was published Jun 12, 2025
The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation... Critical Unreviewed
CVE-2025-4607 was published May 31, 2025
SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt... Moderate Unreviewed
CVE-2024-50684 was published Feb 26, 2025
Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields,... Moderate Unreviewed
CVE-2024-10604 was published Jan 30, 2025
Use of Insufficiently Random Values in undici Moderate
CVE-2025-22150 was published for undici (npm) Jan 21, 2025
mcollina parrot409
Credited to mcollina and parrot409
When batch jobs are executed by pgAgent, a script is created in a temporary directory and then... Moderate Unreviewed
CVE-2025-0218 was published Jan 7, 2025
The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover... High Unreviewed
CVE-2024-12432 was published Dec 18, 2024
A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature... Moderate Unreviewed
CVE-2024-20331 was published Oct 23, 2024
Duplicate Advisory: Juju makes Use of Weak Credentials High
GHSA-phh4-3hmm-24rx was published for github.com/juju/juju (Go) Oct 2, 2024 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database