Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,930
Maven
5,000+
npm
4,587
NuGet
786
pip
4,294
Pub
12
RubyGems
981
Rust
1,114
Swift
49
Unreviewed advisories
All unreviewed
5,000+

4,036 advisories

Loading
FUXA Unauthenticated Remote Code Execution via Admin JWT Minting Critical
GHSA-vwcg-c828-9822 was published for fuxa-server (npm) Feb 5, 2026
wodzen
Credited to wodzen
Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers... Critical Unreviewed
CVE-2025-70841 was published Feb 3, 2026
Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion... Critical Unreviewed
CVE-2026-1568 was published Feb 3, 2026
A vulnerability has been found in DJI Mavic Mini, Spark and Mini SE up to 01.00.0500. Affected by... Low Unreviewed
CVE-2026-1743 was published Feb 2, 2026
A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function... Moderate Unreviewed
CVE-2026-1740 was published Feb 2, 2026
Salt Authentication Protocol Version Downgrade Allows Minion Impersonation High
CVE-2025-62349 was published for salt (pip) Jan 30, 2026
Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication... Moderate Unreviewed
CVE-2026-22764 was published Jan 29, 2026
Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password... Moderate Unreviewed
CVE-2025-12810 was published Jan 27, 2026
A vulnerability was detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. Impacted is an unknown... Moderate Unreviewed
CVE-2026-1410 was published Jan 26, 2026
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for... Low Unreviewed
CVE-2026-0633 was published Jan 24, 2026
An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user... Critical Unreviewed
CVE-2022-25369 was published Jan 23, 2026
A security flaw has been discovered in CRMEB up to 5.6.3. The affected element is the function... Moderate Unreviewed
CVE-2026-1202 was published Jan 20, 2026
A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function... Moderate Unreviewed
CVE-2026-1203 was published Jan 20, 2026
Authentication bypass in the password recovery feature of the local web interface across multiple... High Unreviewed
CVE-2026-0629 was published Jan 16, 2026
A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50)... Critical Unreviewed
CVE-2025-67822 was published Jan 16, 2026
A vulnerability exists in an Orchestrator service that could allow an unauthenticated remote... Moderate Unreviewed
CVE-2025-37184 was published Jan 14, 2026
Improper authentication in some Intel(R) Server Product OpenBMC firmware before version egs-1.09... High Unreviewed
CVE-2023-31189 was published Jan 14, 2026
The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs.... Critical Unreviewed
CVE-2026-22236 was published Jan 14, 2026
A Improper Authentication vulnerability in TLP allows local users to arbitrarily control the... Moderate Unreviewed
CVE-2025-67859 was published Jan 14, 2026
A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN... Moderate Unreviewed
CVE-2026-0408 was published Jan 13, 2026
An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network... Moderate Unreviewed
CVE-2026-0407 was published Jan 13, 2026
An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the... Moderate Unreviewed
CVE-2026-0405 was published Jan 13, 2026
An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a... High Unreviewed
CVE-2025-66698 was published Jan 13, 2026
Jervis's AES CBC Mode is Without Authentication High
CVE-2025-68931 was published for net.gleske:jervis (Maven) Jan 13, 2026
Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows... High Unreviewed
CVE-2025-69273 was published Jan 12, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database