Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,656
Maven
5,000+
npm
4,284
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

491 advisories

Loading
A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation... Critical Unreviewed
CVE-2025-9312 was published Nov 18, 2025
General Industrial Controls Lynx+ Gateway  is missing critical authentication in the embedded... Critical Unreviewed
CVE-2025-58083 was published Nov 15, 2025
A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could... Critical Unreviewed
CVE-2025-20358 was published Nov 5, 2025
The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read... Critical Unreviewed
CVE-2025-55108 was published Nov 5, 2025
The Survision LPR Camera system does not enforce password protection by default. This allows... Critical Unreviewed
CVE-2025-12108 was published Nov 4, 2025
Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the... Critical Unreviewed
CVE-2025-61945 was published Nov 4, 2025
Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions,... Critical Unreviewed
CVE-2025-61956 was published Nov 4, 2025
The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a... Critical Unreviewed
CVE-2025-11007 was published Nov 4, 2025
A malicious actor with access to the management network could exploit a misconfiguration in UniFi... Critical Unreviewed
CVE-2025-52665 was published Oct 31, 2025
Anheng Mingyu Operation and Maintenance Audit and Risk Control System up to 2023-08-10 contains a... Critical Unreviewed
CVE-2023-7325 was published Oct 31, 2025
Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode... Critical Unreviewed
CVE-2021-4461 was published Oct 31, 2025
Resource Lacking AuthN.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . Critical Unreviewed
CVE-2025-12476 was published Oct 29, 2025
Server Version Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . Critical Unreviewed
CVE-2025-12477 was published Oct 29, 2025
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing... Critical Unreviewed
CVE-2025-62481 was published Oct 21, 2025
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing... Critical Unreviewed
CVE-2025-53072 was published Oct 21, 2025
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST... Critical Unreviewed
CVE-2025-61757 was published Oct 21, 2025
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of... Critical Unreviewed
CVE-2025-53037 was published Oct 21, 2025
Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8... Critical Unreviewed
CVE-2025-9574 was published Oct 20, 2025
An improper privilege management vulnerability exists in WSO2 API Manager due to missing... Critical Unreviewed
CVE-2025-9152 was published Oct 16, 2025
Multiple Broken Authentication security issues exist in the affected product. The security issues... Critical Unreviewed
CVE-2025-7328 was published Oct 14, 2025
A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 <... Critical Unreviewed
CVE-2025-40765 was published Oct 14, 2025
A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions <... Critical Unreviewed
CVE-2025-40771 was published Oct 14, 2025
Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem'... Critical Unreviewed
CVE-2025-35050 was published Oct 9, 2025
Azure Entra ID Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2025-59246 was published Oct 9, 2025
Better Auth: Unauthenticated API key creation through api-key plugin Critical
CVE-2025-61928 was published for better-auth (npm) Oct 9, 2025
etiennelunetta
Credited to etiennelunetta
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database