GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,785
Erlang
36
GitHub Actions
29
Go
2,358
Maven
5,000+
npm
3,979
NuGet
720
pip
3,777
Pub
12
RubyGems
924
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
204 advisories
Missing Authorization vulnerability in FocuxTheme WPKit For Elementor allows Privilege Escalation...
Critical | Unreviewed | CVE-2025-32281 was published Jun 27, 2025

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious...
Critical | Unreviewed | CVE-2023-34063 was published Jan 16, 2024

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization...
Critical | Unreviewed | CVE-2024-53298 was published Jun 20, 2025

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By...
Critical | Unreviewed | CVE-2025-1562 was published Jun 18, 2025

Digigram's PYKO-OUT audio-over-IP (AoIP) web-server does not require a password by default,...
Critical | Unreviewed | CVE-2025-3927 was published May 2, 2025

The REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for...
Critical | Unreviewed | CVE-2025-5288 was published Jun 13, 2025

RFC inbound processing does not perform necessary authorization checks for an authenticated user,...
Critical | Unreviewed | CVE-2025-42989 was published Jun 10, 2025

The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing...
Critical | Unreviewed | CVE-2025-5486 was published Jun 6, 2025

The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that...
Critical | Unreviewed | CVE-2025-5701 was published Jun 5, 2025

An arbitrary file upload vulnerability in the component /server/executeExec of JEHC-BPM v2.0.1...
Critical | Unreviewed | CVE-2025-45854 was published Jun 3, 2025

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable...
Critical | Unreviewed | CVE-2024-6328 was published Jul 12, 2024

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma...
Critical | Unreviewed | CVE-2025-30448 was published May 13, 2025

An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using...
Critical | Unreviewed | CVE-2025-26846 was published May 12, 2025

Incorrect access control in Victure RX1800 EN_V1.0.0_r12_110933 allows attackers to enable SSH...
Critical | Unreviewed | CVE-2025-28202 was published May 9, 2025

A vulnerability in the S3 bucket configuration for h2oai/h2o-3 allows public write access to the ...
Critical | Unreviewed | CVE-2025-0782 was published May 2, 2025

The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via...
Critical | Unreviewed | CVE-2025-3746 was published May 2, 2025

A vulnerability in the cmdb service of the HPE Performance Cluster Manager (HPCM) could allow an...
Critical | Unreviewed | CVE-2025-37087 was published Apr 22, 2025

** UNSUPPORTED WHEN ASSIGNED ** A security filter misconfiguration exists in VMware Hyperic...
Critical | Unreviewed | CVE-2022-38651 was published Nov 12, 2022

The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated...
Critical | Unreviewed | CVE-2022-41326 was published Nov 22, 2022

The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover...
Critical | Unreviewed | CVE-2025-3604 was published Apr 24, 2025

An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a...
Critical | Unreviewed | CVE-2024-53591 was published Apr 18, 2025

A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an...
Critical | Unreviewed | CVE-2017-6622 was published May 13, 2022

Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was...
Critical | Unreviewed | CVE-2025-25953 was published Mar 3, 2025

In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker...
Critical | Unreviewed | CVE-2021-45467 was published Dec 26, 2022

Missing authorization vulnerability exists in Unifier and Unifier Cast Version.5.0 or later, and...
Critical | Unreviewed | CVE-2024-36246 was published May 31, 2024

ProTip! Advisories are also available from the GraphQL API.