Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,662
Maven
5,000+
npm
4,289
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

215 advisories

Loading
The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account... High Unreviewed
CVE-2025-63800 was published Nov 18, 2025
LibreNMS has Weak Password Policy Low
CVE-2025-65014 was published for librenms/librenms (Composer) Nov 18, 2025
marcelomulder
Credited to marcelomulder
QaTraq 6.9.2 ships with administrative account credentials which are enabled in default... Critical Unreviewed
CVE-2025-63747 was published Nov 17, 2025
General Industrial Controls Lynx+ Gateway is vulnerable to a weak password requirement... High Unreviewed
CVE-2025-55034 was published Nov 15, 2025
Insufficient Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Moderate Unreviewed
CVE-2025-12552 was published Oct 31, 2025
MLflow Weak Password Requirements Authentication Bypass Vulnerability High
CVE-2025-11200 was published for mlflow (pip) Oct 29, 2025
Weak Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Critical Unreviewed
CVE-2025-12364 was published Oct 27, 2025
Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Critical Unreviewed
CVE-2025-12285 was published Oct 26, 2025
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum... High Unreviewed
CVE-2025-60954 was published Oct 24, 2025
NovoSGA: Manipulation of User Creation Page can lead to weak password requirements Low
CVE-2025-11322 was published for novosga/novosga (Composer) Oct 6, 2025
IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong... Moderate Unreviewed
CVE-2023-49883 was published Oct 1, 2025
No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter... High Unreviewed
CVE-2025-9964 was published Sep 23, 2025
H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to... High Unreviewed
CVE-2025-57295 was published Sep 18, 2025
A vulnerability was detected in iteachyou Dreamer CMS up to 4.1.3.2. This issue affects some... Low Unreviewed
CVE-2025-10320 was published Sep 12, 2025
A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function... Moderate Unreviewed
CVE-2025-9514 was published Aug 27, 2025
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4... Critical Unreviewed
CVE-2025-25737 was published Aug 26, 2025
An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's... Moderate Unreviewed
CVE-2025-51543 was published Aug 19, 2025
A vulnerability was found in atjiu pybbs up to 6.0.0. It has been classified as critical.... Moderate Unreviewed
CVE-2025-8549 was published Aug 5, 2025
Quantum SuperLoader 3 V94.0 005E.0h devices allow attackers to access the hardcoded fa account... Moderate Unreviewed
CVE-2019-19145 was published Aug 1, 2025
A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This... Moderate Unreviewed
CVE-2025-8182 was published Jul 26, 2025
Weak Password Requirements vulnerability in Mitsubishi Electric Corporation photovoltaic system... Moderate Unreviewed
CVE-2025-5022 was published Jul 10, 2025
File Browser vulnerable to insecure password handling Moderate
CVE-2025-52997 was published for github.com/filebrowser/filebrowser (Go) Jun 30, 2025
mtausig hacdias
Credited to mtausig and hacdias
Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a... Critical Unreviewed
CVE-2025-28389 was published Jun 13, 2025
IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by... Moderate Unreviewed
CVE-2024-22330 was published Jun 6, 2025
Users who were required to change their password could still access system information before... Moderate Unreviewed
CVE-2025-46742 was published May 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database