Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,081
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,392 advisories

Loading
Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated... High Unreviewed
CVE-2020-36873 was published Nov 27, 2025
ACE SECURITY WIP-90113 HD cameras contain an unauthenticated configuration disclosure... High Unreviewed
CVE-2020-36874 was published Nov 27, 2025
ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in... High Unreviewed
CVE-2020-36871 was published Nov 27, 2025
Dongyoung Media DM-AP240T/W wireless access points contain an unauthenticated configuration... High Unreviewed
CVE-2019-25226 was published Nov 27, 2025
Tellion HN-2204AP routers contain an unauthenticated configuration disclosure vulnerability in... High Unreviewed
CVE-2019-25227 was published Nov 27, 2025
SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs. This allows an... High Unreviewed
CVE-2025-13483 was published Nov 25, 2025
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR... High Unreviewed
CVE-2024-14007 was published Nov 24, 2025
Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical... Moderate Unreviewed
CVE-2025-63435 was published Nov 24, 2025
Fluent Bit in_forward input plugin does not properly enforce the security.users authentication... Moderate Unreviewed
CVE-2025-12969 was published Nov 24, 2025
The Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO plugin for... Moderate Unreviewed
CVE-2025-11771 was published Nov 21, 2025
The affected products allow unauthenticated access to Open Network Video Interface Forum (ONVIF)... High Unreviewed
CVE-2025-64770 was published Nov 20, 2025
The affected product allows unauthenticated access to Real Time Streaming Protocol (RTSP)... High Unreviewed
CVE-2025-62674 was published Nov 20, 2025
An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface,... Critical Unreviewed
CVE-2025-63206 was published Nov 19, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23... High Unreviewed
CVE-2025-34331 was published Nov 19, 2025
The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for... Moderate Unreviewed
CVE-2025-12349 was published Nov 19, 2025
A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation... Critical Unreviewed
CVE-2025-9312 was published Nov 18, 2025
General Industrial Controls Lynx+ Gateway  is missing critical authentication in the embedded... Critical Unreviewed
CVE-2025-58083 was published Nov 15, 2025
The Brightpick Internal Logic Control web interface is accessible without requiring user... High Unreviewed
CVE-2025-64307 was published Nov 15, 2025
Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access... Moderate Unreviewed
CVE-2023-7328 was published Nov 15, 2025
PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does... High Unreviewed
CVE-2021-4468 was published Nov 15, 2025
Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access... High Unreviewed
CVE-2021-4469 was published Nov 15, 2025
General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web... High Unreviewed
CVE-2025-59780 was published Nov 15, 2025
Flowise does not Prevent Bypass of Password Confirmation - Unverified Password Change High
GHSA-fjh6-8679-9pch was published for flowise-ui (npm) Nov 14, 2025
mbiesiad
Credited to mbiesiad
Flowise doesn't Prevent Bypass of Password Confirmation through Unverified Email Change (credentials) High
GHSA-x39m-3393-3qp4 was published for flowise-ui (npm) Nov 14, 2025
mbiesiad
Credited to mbiesiad
Mattermost does not enforce MFA on WebSocket connections Moderate
CVE-2025-55070 was published for github.com/mattermost/mattermost-server (Go) Nov 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database