Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,790
Erlang
36
GitHub Actions
29
Go
2,370
Maven
5,000+
npm
3,994
NuGet
720
pip
3,783
Pub
12
RubyGems
927
Rust
982
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,169 advisories

Loading
Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110 , v7.2.8.124852 ... Critical Unreviewed
CVE-2025-45814 was published Jul 2, 2025
A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5... Critical Unreviewed
CVE-2025-34070 was published Jul 2, 2025
An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default... Critical Unreviewed
CVE-2025-34069 was published Jul 2, 2025
A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with... Critical Unreviewed
CVE-2025-34071 was published Jul 2, 2025
A flaw was found in the authentication enforcement mechanism of a model inference API in ai... Moderate Unreviewed
CVE-2025-6920 was published Jul 1, 2025
An unauthenticated remote attacker can run arbitrary commands on the affected devices with high... Critical Unreviewed
CVE-2025-41656 was published Jul 1, 2025
The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a... High Unreviewed
CVE-2024-8419 was published Jun 30, 2025
Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated... Critical Unreviewed
CVE-2025-5310 was published Jun 27, 2025
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G... Critical Unreviewed
CVE-2025-3699 was published Jun 27, 2025
Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure... High Unreviewed
CVE-2025-6678 was published Jun 26, 2025
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2... High Unreviewed
CVE-2025-32978 was published Jun 26, 2025
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload... Critical Unreviewed
CVE-2025-48469 was published Jun 26, 2025
An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device... High Unreviewed
CVE-2025-3090 was published Jun 26, 2025
OpenBao allows cancellation of root rekey and recovery rekey operations without authentication Moderate
CVE-2025-52894 was published for github.com/openbao/openbao/api/v2 (Go) Jun 26, 2025
cipherboy
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18... Moderate Unreviewed
CVE-2025-1754 was published Jun 26, 2025
IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due... High Unreviewed
CVE-2025-3319 was published Jun 20, 2025
Apache SeaTunnel: Unauthenticated insecure access Low
CVE-2025-32896 was published for org.apache.seatunnel:seatunnel-engine-common (Maven) Jun 19, 2025
A web application for configuring the controller is accessible at a specific path. It contains an... High Unreviewed
CVE-2025-25265 was published Jun 16, 2025
MCP Inspector proxy server lacks authentication between the Inspector client and proxy Critical
CVE-2025-49596 was published for @modelcontextprotocol/inspector (npm) Jun 13, 2025
A vulnerability has been identified in Perfect Harmony GH180 (All versions >= V8.0 < V8.3.3 with... Moderate Unreviewed
CVE-2024-35295 was published Jun 11, 2025
The Archify application contains a local privilege escalation vulnerability due to insufficient... High Unreviewed
CVE-2024-9062 was published Jun 11, 2025
A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This... Moderate Unreviewed
CVE-2025-5906 was published Jun 10, 2025
CyberData  011209 Intercom exposes features that could allow an unauthenticated to gain ... High Unreviewed
CVE-2025-26468 was published Jun 10, 2025
BackendAI Missing Authentication for Critical Function Critical
CVE-2025-49652 was published for backend.ai (pip) Jun 9, 2025
The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an... Critical Unreviewed
CVE-2025-3461 was published Jun 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database