GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (all reviewed: 5,000+): Composer 5,000+; Erlang 40; GitHub Actions 38; Go 2,950; Maven 5,000+; npm 4,596; NuGet 787; pip 4,301; Pub 12; RubyGems 982; Rust 1,121; Swift 49
Unreviewed advisories (all unreviewed: 5,000+)
4,039 advisories
Vulnerability in Tyche softwares Product Delivery Date for WooCommerce – Lite.This issue affects...
Moderate (Unreviewed). CVE-2023-52210 was published on Dec 23, 2025
There is an improper authentication vulnerability in some Hikvision DVR products. Due to the...
Moderate (Unreviewed). CVE-2025-66174 was published on Dec 19, 2025
A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown...
Moderate (Unreviewed). CVE-2025-14908 was published on Dec 19, 2025
An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed...
Moderate (Unreviewed). CVE-2025-13427 was published on Dec 19, 2025
Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated...
Moderate (Unreviewed). CVE-2025-14738 was published on Dec 18, 2025
An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through...
Critical (Unreviewed). CVE-2025-67791 was published on Dec 18, 2025
A vulnerability in the application software of multiple Radiometer products may allow remote code...
High (Unreviewed). CVE-2025-14097 was published on Dec 17, 2025
The WPCOM Member plugin for WordPress is vulnerable to authentication bypass via brute force in...
High (Unreviewed). CVE-2025-14002 was published on Dec 16, 2025
A vulnerability has been found in Ningyuanda TC155 57.0.2.0. The affected element is an unknown...
Moderate (Unreviewed). CVE-2025-14746 was published on Dec 16, 2025
django-allauth's Okta and NetIQ implementations used a mutable identifier for authorization decisions
Moderate. CVE-2025-65431 was published for django-allauth (pip) on Dec 15, 2025
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed...
High (Unreviewed). CVE-2025-65781 was published on Dec 15, 2025
Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates
Moderate. CVE-2025-37731 was published for org.elasticsearch:elasticsearch (Maven) on Dec 15, 2025
A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown...
Moderate (Unreviewed). CVE-2025-14703 was published on Dec 15, 2025
A weakness has been identified in haxxorsid Stock-Management-System up to...
Moderate (Unreviewed). CVE-2025-14567 was published on Dec 12, 2025
The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when...
Moderate (Unreviewed). CVE-2025-10684 was published on Dec 12, 2025
Filament multi-factor authentication (app) recovery codes can be used multiple times
High. CVE-2025-67507 was published for filament/filament (Composer) on Dec 9, 2025
The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login ...
Critical (Unreviewed). CVE-2025-12374 was published on Dec 5, 2025
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local...
Critical (Unreviewed). CVE-2025-64055 was published on Dec 3, 2025
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow an...
Moderate (Unreviewed). CVE-2025-59704 was published on Dec 2, 2025
Mattermost fails to verify the token used during code exchange
Critical. CVE-2025-12421 was published for github.com/mattermost/mattermost-server (Go) on Nov 27, 2025
Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication
Critical. CVE-2025-12419 was published for github.com/mattermost/mattermost-server (Go) on Nov 27, 2025
Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions
Low. GHSA-wmjr-v86c-m9jj was published for better-auth (npm) on Nov 26, 2025
lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper...
Critical (Unreviewed). CVE-2025-9803 was published on Nov 25, 2025
The Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware version celox-21.6.13 is...
Critical (Unreviewed). CVE-2025-63210 was published on Nov 19, 2025
The R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to...
Critical (Unreviewed). CVE-2025-63207 was published on Nov 19, 2025
ProTip! Advisories are also available from the GraphQL API.