Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,691
Maven
5,000+
npm
4,320
NuGet
760
pip
4,097
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,544 advisories

Loading
Flowise has Authentication Bypass Using Unprotected Registration Endpoint (/register) High
GHSA-v5w9-prxf-w882 was published for flowise (npm) Nov 17, 2025
ReeFSpeK ERANV-EVA
Credited to ReeFSpeK and ERANV-EVA
Memos' Access Tokens Stay Valid after User Password Change High
CVE-2024-21635 was published for github.com/usememos/memos (Go) Nov 14, 2025
jhademcconnell
Credited to jhademcconnell
ZITADEL is vulnerable to Account Takeover with deactivated Instance IdP High
CVE-2025-64717 was published for github.com/zitadel/zitadel (Go) Nov 14, 2025
livio-a IAM-marco
Jank1310
Credited to livio-a, IAM-marco, and Jank1310
TYPO3 Modules Extension has Improper Authentication vulnerability High
CVE-2025-12998 was published for codingms/modules (Composer) Nov 12, 2025
Zitadel May Bypass Second Authentication Factor High
CVE-2025-64103 was published for github.com/zitadel/zitadel (Go) Oct 29, 2025
livio-a IAM-marco
mffap
Credited to livio-a, IAM-marco, and mffap
FastMCP Auth Integration Allows for Confused Deputy Account Takeover High
GHSA-c2jp-c369-7pvx was published for fastmcp (pip) Oct 29, 2025
localden
Credited to localden
A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2... High Unreviewed
CVE-2025-60424 was published Oct 27, 2025
Captive Portal can allow authentication bypass High Unreviewed
CVE-2025-6979 was published Oct 23, 2025
Encrypted WiFi and SSH credentials were found in the Ghost Robotics Vision 60 v0.27.2 APK. This... High Unreviewed
CVE-2025-41110 was published Oct 22, 2025
The issue was addressed with improved authentication. This issue is fixed in macOS Sequoia 15.6.... High Unreviewed
CVE-2025-43281 was published Oct 15, 2025
The Keyy Two Factor Authentication (like Clef) plugin for WordPress is vulnerable to privilege... High Unreviewed
CVE-2025-10293 was published Oct 15, 2025
Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to... High Unreviewed
CVE-2025-55340 was published Oct 14, 2025
A path traversal security issue exists within FactoryTalk View Machine Edition, allowing... High Unreviewed
CVE-2025-9064 was published Oct 14, 2025
An authentication bypass security issue exists within FactoryTalk View Machine Edition Web... High Unreviewed
CVE-2025-9063 was published Oct 14, 2025
A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN... High Unreviewed
CVE-2025-11192 was published Oct 7, 2025
A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the... High Unreviewed
CVE-2025-11130 was published Sep 29, 2025
A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS... High Unreviewed
CVE-2025-20160 was published Sep 24, 2025
A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the... High Unreviewed
CVE-2025-10906 was published Sep 24, 2025
Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to... High Unreviewed
CVE-2025-57434 was published Sep 22, 2025
A vulnerability was found in whuan132 AIBattery up to 1.0.9. The affected element is an unknown... High Unreviewed
CVE-2025-10672 was published Sep 18, 2025
Dragonfly doesn't have authentication enabled for some Manager’s endpoints High
CVE-2025-59345 was published for d7y.io/dragonfly/v2 (Go) Sep 17, 2025
gaius-qi
Credited to gaius-qi
This issue was addressed through improved state management. This issue is fixed in macOS Tahoe 26... High Unreviewed
CVE-2025-31271 was published Sep 16, 2025
WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled High
CVE-2025-54376 was published for github.com/SpectoLabs/hoverfly (Go) Sep 10, 2025
Kr1shna4garwal
Credited to Kr1shna4garwal
The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B10_ALK_SL_V01.01... High Unreviewed
CVE-2025-57278 was published Sep 9, 2025
SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who... High Unreviewed
CVE-2025-55234 was published Sep 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database