Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

414 advisories

Loading
Mautic user without privileged access to the Marketplace can install and uninstall composer packages Critical
CVE-2025-13828 was published for mautic/core (Composer) Dec 2, 2025
driskell escopecz
patrykgruszka
Credited to driskell, escopecz, and patrykgruszka
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a... Critical Unreviewed
CVE-2025-59703 was published Dec 2, 2025
An unauthenticated administrative access vulnerability exists in the open-source HashTech project... Critical Unreviewed
CVE-2025-65276 was published Nov 26, 2025
Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and... Critical Unreviewed
CVE-2025-55469 was published Nov 26, 2025
The Axel Technology StreamerMAX MK II devices (firmware versions 0.8.5 to 1.0.3) are vulnerable... Critical Unreviewed
CVE-2025-63223 was published Nov 19, 2025
The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable... Critical Unreviewed
CVE-2025-63218 was published Nov 19, 2025
The Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX) is vulnerable to Broken Access... Critical Unreviewed
CVE-2025-63225 was published Nov 18, 2025
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert... Critical Unreviewed
CVE-2025-54339 was published Nov 14, 2025
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert... Critical Unreviewed
CVE-2025-54343 was published Nov 14, 2025
Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an Improper Access Control... Critical Unreviewed
CVE-2025-46608 was published Nov 12, 2025
A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi... Critical Unreviewed
CVE-2025-63353 was published Nov 12, 2025
Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password... Critical Unreviewed
CVE-2025-63666 was published Nov 12, 2025
Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw... Critical Unreviewed
CVE-2025-12480 was published Nov 10, 2025
A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code... Critical Unreviewed
CVE-2025-48983 was published Oct 31, 2025
A critical severity vulnerability has been identified in the ALPR Manager role of Security Center... Critical Unreviewed
CVE-2025-43027 was published Oct 30, 2025
An issue was discovered in eTimeTrackLite Web thru 12.0 (20250704). There is a permission control... Critical Unreviewed
CVE-2025-60291 was published Oct 27, 2025
An improper access control vulnerability exists in multiple WSO2 products due to insufficient... Critical Unreviewed
CVE-2025-9804 was published Oct 16, 2025
code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege... Critical Unreviewed
CVE-2025-60306 was published Oct 10, 2025
Azure Entra ID Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2025-59218 was published Oct 9, 2025
In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability... Critical Unreviewed
CVE-2025-36636 was published Oct 8, 2025
The BATBToken smart contract (address 0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2, Compiler... Critical Unreviewed
CVE-2025-57247 was published Oct 6, 2025
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component:... Critical Unreviewed
CVE-2025-61882 was published Oct 5, 2025
An issue was discovered in file AssistantController.java in ThriveX Blogging Framework 2.5.9 thru... Critical Unreviewed
CVE-2025-57266 was published Sep 29, 2025
A vulnerability in the EnableTwoFactorAuthRequest SOAP endpoint of Zimbra Collaboration (ZCS)... Critical Unreviewed
CVE-2025-54391 was published Sep 16, 2025
Azure Bot Service Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2025-55244 was published Sep 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database