Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,950
Maven
5,000+
npm
4,596
NuGet
787
pip
4,301
Pub
12
RubyGems
982
Rust
1,121
Swift
49
Unreviewed advisories
All unreviewed
5,000+

1,006 advisories

Loading
FUXA Unauthenticated Remote Code Execution via Admin JWT Minting Critical
GHSA-vwcg-c828-9822 was published for fuxa-server (npm) Feb 5, 2026
wodzen
Credited to wodzen
Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers... Critical Unreviewed
CVE-2025-70841 was published Feb 3, 2026
Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion... Critical Unreviewed
CVE-2026-1568 was published Feb 3, 2026
An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user... Critical Unreviewed
CVE-2022-25369 was published Jan 23, 2026
A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50)... Critical Unreviewed
CVE-2025-67822 was published Jan 16, 2026
The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs.... Critical Unreviewed
CVE-2026-22236 was published Jan 14, 2026
KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session... Critical Unreviewed
CVE-2025-68717 was published Jan 8, 2026
wolfSSL Python module vulnerable to Improper Authentication Critical
CVE-2025-15346 was published for wolfssl (pip) Jan 8, 2026
rhdesmond
Credited to rhdesmond
wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the... Critical Unreviewed
CVE-2025-14942 was published Jan 6, 2026
Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows... Critical Unreviewed
CVE-2025-60534 was published Jan 6, 2026
RustFS has a gRPC Hardcoded Token Authentication Bypass Critical
CVE-2025-68926 was published for rustfs (Rust) Dec 30, 2025
An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate... Critical Unreviewed
CVE-2025-56333 was published Dec 29, 2025
An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through... Critical Unreviewed
CVE-2025-67791 was published Dec 18, 2025
The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login ... Critical Unreviewed
CVE-2025-12374 was published Dec 5, 2025
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local... Critical Unreviewed
CVE-2025-64055 was published Dec 3, 2025
Mattermost fails to to verify the token used during code exchange Critical
CVE-2025-12421 was published for github.com/mattermost/mattermost-server (Go) Nov 27, 2025
Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication Critical
CVE-2025-12419 was published for github.com/mattermost/mattermost-server (Go) Nov 27, 2025
lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper... Critical Unreviewed
CVE-2025-9803 was published Nov 25, 2025
The Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware version celox-21.6.13 is... Critical Unreviewed
CVE-2025-63210 was published Nov 19, 2025
The R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to... Critical Unreviewed
CVE-2025-63207 was published Nov 19, 2025
The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper... Critical Unreviewed
CVE-2025-63224 was published Nov 19, 2025
The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to... Critical Unreviewed
CVE-2025-63216 was published Nov 19, 2025
Milvus Proxy has a Critical Authentication Bypass Vulnerability Critical
CVE-2025-64513 was published for github.com/milvus-io/milvus (Go) Nov 13, 2025
Improper Authentication vulnerability in GE Vernova Smallworld on Windows, Linux allows... Critical Unreviewed
CVE-2025-3222 was published Nov 7, 2025
Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper... Critical Unreviewed
CVE-2025-43995 was published Oct 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database