Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,904
Erlang
38
GitHub Actions
38
Go
2,566
Maven
5,000+
npm
4,237
NuGet
753
pip
4,001
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3,932 advisories

Loading
A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN... High Unreviewed
CVE-2025-11192 was published Oct 7, 2025
Improper Authentication vulnerability in GE Vernova EnerVista UR Setup allows Authentication... High Unreviewed
CVE-2025-27254 was published Mar 10, 2025
An improper authentication vulnerability has been reported to affect QNAP Authenticator. If an... Moderate Unreviewed
CVE-2025-54154 was published Oct 3, 2025
Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows... Critical Unreviewed
CVE-2024-42462 was published Aug 16, 2024
Incorrect authentication vulnerability in OpenSIAC, which could allow an attacker to impersonate... Critical Unreviewed
CVE-2025-41064 was published Oct 2, 2025
A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus... Moderate Unreviewed
CVE-2025-6533 was published Jun 26, 2025
Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b,... High Unreviewed
CVE-2015-7755 was published May 17, 2022
Trivision NC-227WF firmware 5.80 (build 20141010) login mechanism reveals whether a username... Moderate Unreviewed
CVE-2025-56764 was published Sep 29, 2025
A vulnerability classified as critical was found in Comet System T0510, T3510, T3511, T4511,... High Unreviewed
CVE-2025-6763 was published Jun 27, 2025
A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote... Critical Unreviewed
CVE-2025-56752 was published Sep 29, 2025
IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an... High Unreviewed
CVE-2024-27275 was published Jun 15, 2024
A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the... High Unreviewed
CVE-2025-11130 was published Sep 29, 2025
A vulnerability has been identified in PowerSys (All versions < V3.11). The affected application... Critical Unreviewed
CVE-2024-36266 was published Jun 11, 2024
Dragonfly's manager makes requests to external endpoints with disabled TLS authentication Moderate
CVE-2025-59347 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
Dragonfly doesn't have authentication enabled for some Manager’s endpoints High
CVE-2025-59345 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication... Critical Unreviewed
CVE-2024-8956 was published Sep 17, 2024
An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication... Low Unreviewed
CVE-2025-0672 was published Sep 23, 2025
A cross-tenant authentication vulnerability exists in multiple WSO2 products due to improper... Moderate Unreviewed
CVE-2025-0663 was published Sep 23, 2025
An improper authentication vulnerability has been reported to affect QHora. If an attacker gains... Moderate Unreviewed
CVE-2024-13088 was published Jun 6, 2025
WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled High
CVE-2025-54376 was published for github.com/SpectoLabs/hoverfly (Go) Sep 10, 2025
Kr1shna4garwal
Credited to Kr1shna4garwal
A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS... High Unreviewed
CVE-2025-20160 was published Sep 24, 2025
A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the... High Unreviewed
CVE-2025-10906 was published Sep 24, 2025
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the... Critical Unreviewed
CVE-2025-2746 was published Mar 24, 2025
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the... Critical Unreviewed
CVE-2025-2747 was published Mar 24, 2025
The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the... Critical Unreviewed
CVE-2025-34027 was published May 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database