GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,385 advisories

Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR...
High | Unreviewed | CVE-2024-14007 was published Nov 24, 2025

Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical...
Moderate | Unreviewed | CVE-2025-63435 was published Nov 24, 2025

The Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO plugin for...
Moderate | Unreviewed | CVE-2025-11771 was published Nov 21, 2025

The affected product allows unauthenticated access to Real Time Streaming Protocol (RTSP)...
High | Unreviewed | CVE-2025-62674 was published Nov 20, 2025

The affected products allow unauthenticated access to Open Network Video Interface Forum (ONVIF)...
High | Unreviewed | CVE-2025-64770 was published Nov 20, 2025

An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface,...
Critical | Unreviewed | CVE-2025-63206 was published Nov 19, 2025

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23...
High | Unreviewed | CVE-2025-34331 was published Nov 19, 2025

The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for...
Moderate | Unreviewed | CVE-2025-12349 was published Nov 19, 2025

A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation...
Critical | Unreviewed | CVE-2025-9312 was published Nov 18, 2025

PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does...
High | Unreviewed | CVE-2021-4468 was published Nov 15, 2025

Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access...
High | Unreviewed | CVE-2021-4469 was published Nov 15, 2025

Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access...
Moderate | Unreviewed | CVE-2023-7328 was published Nov 15, 2025

General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded...
Critical | Unreviewed | CVE-2025-58083 was published Nov 15, 2025

General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web...
High | Unreviewed | CVE-2025-59780 was published Nov 15, 2025

The Brightpick Internal Logic Control web interface is accessible without requiring user...
High | Unreviewed | CVE-2025-64307 was published Nov 15, 2025

Flowise does not Prevent Bypass of Password Confirmation - Unverified Password Change
High | GHSA-fjh6-8679-9pch was published for flowise-ui (npm) Nov 14, 2025

Flowise doesn't Prevent Bypass of Password Confirmation through Unverified Email Change (credentials)
High | GHSA-x39m-3393-3qp4 was published for flowise-ui (npm) Nov 14, 2025

Mattermost does not enforce MFA on WebSocket connections
Moderate | CVE-2025-55070 was published for github.com/mattermost/mattermost-server (Go) Nov 14, 2025

Mattermost allows an attacker to edit arbitrary posts via a crafted MSTeams plugin OAuth redirect URL
Moderate | CVE-2025-55073 was published for github.com/mattermost/mattermost-server (Go) Nov 14, 2025

Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a...
High | Unreviewed | CVE-2023-7329 was published Nov 13, 2025

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO!...
High | Unreviewed | CVE-2025-40817 was published Nov 11, 2025

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO!...
High | Unreviewed | CVE-2025-40816 was published Nov 11, 2025

The Crypto plugin for WordPress is vulnerable to Information exposure in all versions up to, and...
Moderate | Unreviewed | CVE-2025-11986 was published Nov 11, 2025

Due to missing authentication, SAP HANA 2.0 (hdbrss) allows an unauthenticated attacker to call a...
Moderate | Unreviewed | CVE-2025-42885 was published Nov 11, 2025

Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a...
Moderate | Unreviewed | CVE-2025-12447 was published Nov 10, 2025

ProTip! Advisories are also available from the GraphQL API