Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,670
Maven
5,000+
npm
4,296
NuGet
760
pip
4,075
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

27,522 advisories

Loading
The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9... Critical Unreviewed
CVE-2025-11127 was published Nov 21, 2025
Grafana Incorrect Privilege Assignment vulnerability Critical
CVE-2025-41115 was published for github.com/grafana/grafana (Go) Nov 21, 2025
cdupuis
Credited to cdupuis
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2025-11456 was published Nov 21, 2025
EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict... Critical Unreviewed
CVE-2025-64310 was published Nov 21, 2025
Azure Bastion Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2025-49752 was published Nov 21, 2025
Microsoft SharePoint Online Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2025-59245 was published Nov 21, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability... Critical Unreviewed
CVE-2025-10571 was published Nov 20, 2025
BASIS BBj versions prior to 25.00 contain a Jetty-served web endpoint that fails to properly... Critical Unreviewed
CVE-2025-34320 was published Nov 20, 2025
md-to-pdf vulnerable to arbitrary JavaScript code execution when parsing front matter Critical
CVE-2025-65108 was published for md-to-pdf (npm) Nov 20, 2025
Prodigysec
Credited to Prodigysec
@hpke/core reuses AEAD nonces Critical
CVE-2025-64767 was published for @hpke/core (npm) Nov 20, 2025
panva
Credited to panva
An attacker could take over a Looker account in a Looker instance configured with OIDC... Critical Unreviewed
CVE-2025-12414 was published Nov 20, 2025
The QVidium Opera11 device (firmware version 2.9.0-Ax4x-opera11) is vulnerable to Remote Code... Critical Unreviewed
CVE-2025-63213 was published Nov 19, 2025
Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An... Critical Unreviewed
CVE-2025-13315 was published Nov 19, 2025
An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface,... Critical Unreviewed
CVE-2025-63206 was published Nov 19, 2025
The R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to... Critical Unreviewed
CVE-2025-63207 was published Nov 19, 2025
The Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware version celox-21.6.13 is... Critical Unreviewed
CVE-2025-63210 was published Nov 19, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23... Critical Unreviewed
CVE-2025-34328 was published Nov 19, 2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23... Critical Unreviewed
CVE-2025-34329 was published Nov 19, 2025
The Axel Technology StreamerMAX MK II devices (firmware versions 0.8.5 to 1.0.3) are vulnerable... Critical Unreviewed
CVE-2025-63223 was published Nov 19, 2025
The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper... Critical Unreviewed
CVE-2025-63224 was published Nov 19, 2025
Legacy Vivotek Device firmware uses default credetials for the root and user login accounts. Critical Unreviewed
CVE-2025-12592 was published Nov 19, 2025
The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable... Critical Unreviewed
CVE-2025-63218 was published Nov 19, 2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Critical Unreviewed
CVE-2025-10437 was published Nov 19, 2025
Apache Causeway vulnerable to deserialization in Java Critical
CVE-2025-64408 was published for org.apache.causeway.commons:causeway-commons (Maven) Nov 19, 2025
The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action as... Critical Unreviewed
CVE-2025-12057 was published Nov 19, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database