GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,908
Erlang: 39
GitHub Actions: 38
Go: 2,568
Maven: 5,000+
npm: 4,240
NuGet: 754
pip: 4,004
Pub: 12
RubyGems: 953
Rust: 1,042
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
470 advisories

An improper privilege management vulnerability exists in WSO2 API Manager due to missing...
Critical, Unreviewed. CVE-2025-9152 was published Oct 16, 2025

Multiple Broken Authentication security issues exist in the affected product. The security issues...
Critical, Unreviewed. CVE-2025-7328 was published Oct 14, 2025

A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions <...
Critical, Unreviewed. CVE-2025-40771 was published Oct 14, 2025

A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 <...
Critical, Unreviewed. CVE-2025-40765 was published Oct 14, 2025

Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem'...
Critical, Unreviewed. CVE-2025-35050 was published Oct 9, 2025

Azure Entra ID Elevation of Privilege Vulnerability
Critical, Unreviewed. CVE-2025-59246 was published Oct 9, 2025

Better Auth: Unauthenticated API key creation through api-key plugin
Critical. CVE-2025-61928 was published for better-auth (npm) Oct 9, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and...
Critical, Unreviewed. CVE-2025-34223 was published Sep 29, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and...
Critical, Unreviewed. CVE-2025-34224 was published Sep 29, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and...
Critical, Unreviewed. CVE-2025-34216 was published Sep 29, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and...
Critical, Unreviewed. CVE-2025-34218 was published Sep 29, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and...
Critical, Unreviewed. CVE-2025-34221 was published Sep 29, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and...
Critical, Unreviewed. CVE-2025-34222 was published Sep 29, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and...
Critical, Unreviewed. CVE-2025-34215 was published Sep 29, 2025

A missing authentication for critical function vulnerability in SUNNET Corporate Training...
Critical, Unreviewed. CVE-2025-54942 was published Sep 25, 2025

The database for the web application is exposed without authentication, allowing an...
Critical, Unreviewed. CVE-2025-41715 was published Sep 24, 2025

Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts...
Critical, Unreviewed. CVE-2025-57432 was published Sep 22, 2025

General Bytes Crypto Application Server (CAS) beginning with version 20201208 prior to 20220531...
Critical, Unreviewed. CVE-2022-4980 was published Sep 19, 2025

Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing...
Critical, Unreviewed. CVE-2025-9971 was published Sep 17, 2025

Statistical Database System developed by Gotac has a Missing Authentication vulnerability,...
Critical, Unreviewed. CVE-2025-10452 was published Sep 15, 2025

Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
Critical. CVE-2025-58434 was published for flowise (npm) Sep 12, 2025

TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated...
Critical, Unreviewed. CVE-2025-8861 was published Aug 29, 2025

The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat...
Critical, Unreviewed. CVE-2025-30041 was published Aug 27, 2025

Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint allows...
Critical, Unreviewed. CVE-2025-30039 was published Aug 27, 2025

The vulnerability allows unauthenticated users to download a file containing session ID data by...
Critical, Unreviewed. CVE-2025-30040 was published Aug 27, 2025

ProTip! Advisories are also available from the GraphQL API