GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,356
Erlang: 31
GitHub Actions: 22
Go: 2,120
Maven: 5,000+
npm: 3,782
NuGet: 683
pip: 3,460
Pub: 12
RubyGems: 893
Rust: 892
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
935 advisories
wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d contains a vulnerability...
Moderate
Unreviewed
CVE-2024-10649
was published
Feb 10, 2025
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0...
Moderate
Unreviewed
CVE-2024-54176
was published
Feb 8, 2025
Built-in SMS-configuration command in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1...
Critical
Unreviewed
CVE-2024-36555
was published
Feb 6, 2025
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass...
Critical
Unreviewed
CVE-2024-9644
was published
Feb 4, 2025
A file handling command vulnerability in certain versions of Armoury Crate may result in...
High
Unreviewed
CVE-2024-12957
was published
Jan 23, 2025
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to,...
Critical
Unreviewed
CVE-2024-12857
was published
Jan 22, 2025
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported...
Moderate
Unreviewed
CVE-2025-21559
was published
Jan 21, 2025
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
Critical
Unreviewed
CVE-2025-21535
was published
Jan 21, 2025
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web...
High
Unreviewed
CVE-2025-21515
was published
Jan 21, 2025
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component:...
Critical
Unreviewed
CVE-2025-21524
was published
Jan 21, 2025
In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication...
Moderate
Unreviewed
CVE-2025-24456
was published
Jan 21, 2025
Nedap Librix Ecoreader is missing authentication for critical functions that could allow an...
High
Unreviewed
CVE-2024-12757
was published
Jan 17, 2025
The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing...
Critical
Unreviewed
CVE-2025-0456
was published
Jan 16, 2025
Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver...
High
Unreviewed
CVE-2025-0355
was published
Jan 15, 2025
An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000...
Moderate
Unreviewed
CVE-2024-39773
was published
Jan 14, 2025
A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8...
Critical
Unreviewed
CVE-2024-39608
was published
Jan 14, 2025
A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8...
Critical
Unreviewed
CVE-2024-39273
was published
Jan 14, 2025
A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0...
High
Unreviewed
CVE-2024-35277
was published
Jan 14, 2025
The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some...
Moderate
Unreviewed
CVE-2024-13186
was published
Jan 8, 2025
The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some...
Moderate
Unreviewed
CVE-2024-13185
was published
Jan 8, 2025
The health module has insufficient restrictions on loading URLs, which may lead to some...
Moderate
Unreviewed
CVE-2024-13173
was published
Jan 8, 2025
Sensitive information disclosure due to missing authentication. The following products are...
Moderate
Unreviewed
CVE-2024-55538
was published
Jan 2, 2025
In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP...
Critical
Unreviewed
CVE-2024-12106
was published
Dec 31, 2024
A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A...
Critical
Unreviewed
CVE-2024-21855
was published
Dec 20, 2024
An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass authentication via a crafted...
Critical
Unreviewed
CVE-2024-54984
was published
Dec 20, 2024
ProTip! Advisories are also available from the GraphQL API.