GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (All reviewed: 5,000+): Composer 5,000+, Erlang 39, GitHub Actions 38, Go 2,690, Maven 5,000+, npm 4,320, NuGet 760, pip 4,096, Pub 12, RubyGems 958, Rust 1,063, Swift 45
Unreviewed advisories (All unreviewed: 5,000+)
367 advisories
Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical...
Moderate | Unreviewed | CVE-2025-63435 was published Nov 24, 2025

Fluent Bit in_forward input plugin does not properly enforce the security.users authentication...
Moderate | Unreviewed | CVE-2025-12969 was published Nov 24, 2025

The Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO plugin for...
Moderate | Unreviewed | CVE-2025-11771 was published Nov 21, 2025

The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for...
Moderate | Unreviewed | CVE-2025-12349 was published Nov 19, 2025

Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access...
Moderate | Unreviewed | CVE-2023-7328 was published Nov 15, 2025

Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL
Moderate | CVE-2025-55073 was published for github.com/mattermost/mattermost-server (Go) Nov 14, 2025

Mattermost does not enforce MFA on WebSocket connections
Moderate | CVE-2025-55070 was published for github.com/mattermost/mattermost-server (Go) Nov 14, 2025

The Crypto plugin for WordPress is vulnerable to Information exposure in all versions up to, and...
Moderate | Unreviewed | CVE-2025-11986 was published Nov 11, 2025

Due to missing authentication, SAP HANA 2.0 (hdbrss) allows an unauthenticated attacker to call a...
Moderate | Unreviewed | CVE-2025-42885 was published Nov 11, 2025

Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a...
Moderate | Unreviewed | CVE-2025-12447 was published Nov 10, 2025

Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who...
Moderate | Unreviewed | CVE-2025-12436 was published Nov 10, 2025

Incorrect security UI in Fullscreen UI in Google Chrome prior to 142.0.7444.59 allowed a remote...
Moderate | Unreviewed | CVE-2025-12444 was published Nov 10, 2025

Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL
Moderate | CVE-2025-62607 was published for nautobot-ssot (pip) Oct 21, 2025

Vulnerability in the Oracle Life Sciences InForm product of Oracle Health Sciences Applications ...
Moderate | Unreviewed | CVE-2025-62287 was published Oct 21, 2025

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of...
Moderate | Unreviewed | CVE-2025-53034 was published Oct 21, 2025

Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART...
Moderate | Unreviewed | CVE-2025-60856 was published Oct 20, 2025

HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can...
Moderate | Unreviewed | CVE-2025-0275 was published Oct 16, 2025

HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control....
Moderate | Unreviewed | CVE-2025-0274 was published Oct 16, 2025

The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and...
Moderate | Unreviewed | CVE-2025-11728 was published Oct 15, 2025

Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication...
Moderate | Unreviewed | CVE-2025-11671 was published Oct 13, 2025

Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication...
Moderate | Unreviewed | CVE-2025-11672 was published Oct 13, 2025

A vulnerability was found in ProjectsAndPrograms School Management System up to...
Moderate | Unreviewed | CVE-2025-11661 was published Oct 13, 2025

The Chartify – WordPress Chart Plugin for WordPress is vulnerable to Missing Authentication for...
Moderate | Unreviewed | CVE-2025-11171 was published Oct 8, 2025

The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to unauthorized access in all...
Moderate | Unreviewed | CVE-2025-10746 was published Oct 4, 2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and...
Moderate | Unreviewed | CVE-2025-34229 was published Sep 29, 2025
ProTip! Advisories are also available from the GraphQL API