Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,815
Erlang
36
GitHub Actions
32
Go
2,401
Maven
5,000+
npm
4,044
NuGet
723
pip
3,830
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+

371 advisories

Loading
An issue was discovered on IROAD Dashcam FX2 devices. Bypass of Device Pairing/Registration can... Critical Unreviewed
CVE-2025-30133 was published Jul 28, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS... Critical Unreviewed
CVE-2025-43194 was published Jul 30, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Critical Unreviewed
CVE-2025-43232 was published Jul 30, 2025
This issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia... Critical Unreviewed
CVE-2025-43233 was published Jul 30, 2025
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15... Critical Unreviewed
CVE-2025-43198 was published Jul 30, 2025
A privilege escalation vulnerability exists in the login.php functionality of meddream MedDream... Critical Unreviewed
CVE-2025-27724 was published Jul 28, 2025
In Linksys E2500 3.0.04.002, the chroot_local_user option is enabled in the vsftpd configuration... Critical Unreviewed
CVE-2025-44654 was published Jul 21, 2025
In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control... Critical Unreviewed
CVE-2025-23048 was published Jul 10, 2025
An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows... Critical Unreviewed
CVE-2024-11167 was published Mar 20, 2025
linjiashop <=0.9 is vulnerable to Incorrect Access Control. When using the default-generated JWT... Critical Unreviewed
CVE-2025-52101 was published Jul 1, 2025
Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with... Critical Unreviewed
CVE-2024-52928 was published Jun 26, 2025
Northern.tech Mender Server before 3.7.11 and 4.x before 4.0.1 has Incorrect Access Control. Critical Unreviewed
CVE-2025-49603 was published Jun 26, 2025
A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute... Critical Unreviewed
CVE-2023-47297 was published Jun 23, 2025
The potential exists for exposure of the product's password used to restrict unauthorized access... Critical Unreviewed
CVE-2010-5305 was published May 13, 2022
The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service... Critical Unreviewed
CVE-2024-45208 was published Jun 19, 2025
In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage... Critical Unreviewed
CVE-2024-22216 was published Jan 8, 2024
Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi... Critical Unreviewed
CVE-2025-44619 was published May 30, 2025
An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the... Critical Unreviewed
CVE-2025-45343 was published May 28, 2025
Jenkins OpenID Connect Provider Plugin Incorrectly Validates Crafted Build ID Tokens Critical
CVE-2025-47884 was published for io.jenkins.plugins:oidc-provider (Maven) May 14, 2025
This issue was addressed by restricting options offered on a locked device. This issue is fixed... Critical Unreviewed
CVE-2025-30436 was published May 13, 2025
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access... Critical Unreviewed
CVE-2025-43563 was published May 13, 2025
Incorrect access control in laskBlog v2.6.1 allows attackers to access all usernames via a... Critical Unreviewed
CVE-2025-28104 was published Apr 21, 2025
goshs route not protected, allows command execution Critical
CVE-2025-46816 was published for github.com/patrickhener/goshs (Go) May 6, 2025
Guilhem7
BRCC Incorrect Access Control vulnerability Critical
CVE-2025-45616 was published for com.baidu.mapp:brcc-core (Maven) May 5, 2025
Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint. Critical Unreviewed
CVE-2024-48905 was published May 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database