Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,701
Maven
5,000+
npm
4,328
NuGet
761
pip
4,103
Pub
12
RubyGems
958
Rust
1,064
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

333 advisories

Loading
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any handshake secret with the... Moderate Unreviewed
CVE-2025-60251 was published Sep 26, 2025
The web application allows an unauthenticated remote attacker to learn information about existing... Moderate Unreviewed
CVE-2025-41716 was published Sep 24, 2025
NUP Portal developed by NewType Infortech has a Missing Authentication vulnerability, allowing... Moderate Unreviewed
CVE-2025-10267 was published Sep 12, 2025
A missing authentication vulnerability was reported in some Lenovo printers that could allow a... Moderate Unreviewed
CVE-2025-9214 was published Sep 11, 2025
It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use... Moderate Unreviewed
CVE-2025-36757 was published Sep 10, 2025
A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX... Moderate Unreviewed
CVE-2025-36756 was published Sep 10, 2025
SAP NetWeaver Application Server Java does not perform an authentication check when an attacker... Moderate Unreviewed
CVE-2025-42926 was published Sep 9, 2025
The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a... Moderate Unreviewed
CVE-2025-7045 was published Sep 6, 2025
The "serverConfig" endpoint, which returns the module configuration including credentials, is... Moderate Unreviewed
CVE-2025-30048 was published Aug 27, 2025
An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's... Moderate Unreviewed
CVE-2025-51543 was published Aug 19, 2025
An unauthenticated remote attacker can grant access without password protection to the affected... Moderate Unreviewed
CVE-2025-41689 was published Aug 19, 2025
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Via port 7777 without any need... Moderate Unreviewed
CVE-2025-30126 was published Jul 28, 2025
A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical.... Moderate Unreviewed
CVE-2025-7897 was published Jul 20, 2025
A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version... Moderate Unreviewed
CVE-2025-52089 was published Jul 11, 2025
Missing Authentication for Critical Function vulnerability in Drupal Config Pages Viewer allows... Moderate Unreviewed
CVE-2025-7031 was published Jul 8, 2025
A flaw was found in the authentication enforcement mechanism of a model inference API in ai... Moderate Unreviewed
CVE-2025-6920 was published Jul 1, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18... Moderate Unreviewed
CVE-2025-1754 was published Jun 26, 2025
An issue was discovered on COROS PACE 3 devices through 3.0808.0. The BLE implementation of the... Moderate Unreviewed
CVE-2025-32876 was published Jun 20, 2025
A vulnerability has been identified in Perfect Harmony GH180 (All versions >= V8.0 < V8.3.3 with... Moderate Unreviewed
CVE-2024-35295 was published Jun 11, 2025
A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This... Moderate Unreviewed
CVE-2025-5906 was published Jun 10, 2025
The wallet has an authentication bypass vulnerability that allows access to specific pages. Moderate Unreviewed
CVE-2025-5719 was published Jun 6, 2025
The installer in SIGB PMB before 8.0.1.2 allows remote code execution. Moderate Unreviewed
CVE-2025-48742 was published May 27, 2025
The devices do not implement any authentication for the web interface or the MQTT server. An... Moderate Unreviewed
CVE-2025-27803 was published May 21, 2025
In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue... Moderate Unreviewed
CVE-2025-47850 was published May 20, 2025
Missing authentication for critical function issue exists in I-O DATA network attached hard disk ... Moderate Unreviewed
CVE-2025-32738 was published May 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database