GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,262 advisories
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any handshake secret with the...
Moderate | Unreviewed | CVE-2025-60251 was published Sep 26, 2025
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication...
Critical | Unreviewed | CVE-2024-8956 was published Sep 17, 2024
A missing authentication for critical function vulnerability in SUNNET Corporate Training...
Critical | Unreviewed | CVE-2025-54942 was published Sep 25, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (macOS/Linux client...
High | Unreviewed | CVE-2025-34190 was published Sep 19, 2025
Mattermost Confluence Plugin is Missing Authentication for Critical Function
Moderate | CVE-2025-54478 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Aug 11, 2025
The database for the web application is exposed without authentication, allowing an...
Critical | Unreviewed | CVE-2025-41715 was published Sep 24, 2025
The web application allows an unauthenticated remote attacker to learn information about existing...
Moderate | Unreviewed | CVE-2025-41716 was published Sep 24, 2025
An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The...
High | Unreviewed | CVE-2013-10032 was published Jul 25, 2025
Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts...
Critical | Unreviewed | CVE-2025-57432 was published Sep 22, 2025
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability....
Critical | Unreviewed | CVE-2024-11680 was published Nov 26, 2024
GALAYOU G2 cameras stream video output via RTSP streams. By default these streams are protected...
High | Unreviewed | CVE-2025-9983 was published Sep 22, 2025
General Bytes Crypto Application Server (CAS) beginning with version 20201208 prior to 20220531...
Critical | Unreviewed | CVE-2022-4980 was published Sep 19, 2025
Dragonfly doesn't have authentication enabled for some Manager’s endpoints
High | CVE-2025-59345 was published for github.com/dragonflyoss/dragonfly (Go) Sep 17, 2025
A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic....
Low | Unreviewed | CVE-2025-5715 was published Jun 6, 2025
An incorrect API discovered in Signify Wiz Connected 1.9.1 allows attackers to remotely launch a...
High | Unreviewed | CVE-2025-56562 was published Sep 16, 2025
A security issue exists within FactoryTalk Activation Manager. An error in the implementation of...
High | Unreviewed | CVE-2025-7970 was published Sep 9, 2025
A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with...
Critical | Unreviewed | CVE-2025-34071 was published Jul 2, 2025
A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5...
Critical | Unreviewed | CVE-2025-34070 was published Jul 2, 2025
An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default...
Critical | Unreviewed | CVE-2025-34069 was published Jul 2, 2025
With address book access, SMB/FTP settings could be modified, redirecting scans and possibly...
High | Unreviewed | CVE-2024-12511 was published Feb 3, 2025
Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing...
Critical | Unreviewed | CVE-2025-9971 was published Sep 17, 2025
Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function
High | CVE-2025-59358 was published for github.com/chaos-mesh/chaos-mesh (Go) Sep 15, 2025
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
Critical | CVE-2025-58434 was published for flowise (npm) Sep 12, 2025
The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause...
High | Unreviewed | CVE-2025-8627 was published Aug 26, 2025
Statistical Database System developed by Gotac has a Missing Authentication vulnerability,...
Critical | Unreviewed | CVE-2025-10452 was published Sep 15, 2025
ProTip! Advisories are also available from the GraphQL API.