Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
40
Go
2,974
Maven
5,000+
npm
4,621
NuGet
788
pip
4,317
Pub
12
RubyGems
984
Rust
1,131
Swift
49
Unreviewed advisories
All unreviewed
5,000+

1,913 advisories

Loading
StarCharge Artemis AC Charger 7-22 kW v1.0.4 was discovered to contain a hardcoded AES key which... High Unreviewed
CVE-2025-52268 was published Oct 27, 2025
Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of... High Unreviewed
CVE-2025-11145 was published Oct 24, 2025
Captive Portal can expose sensitive information High Unreviewed
CVE-2025-6980 was published Oct 23, 2025
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition... High Unreviewed
CVE-2025-53066 was published Oct 21, 2025
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of... High Unreviewed
CVE-2025-53036 was published Oct 21, 2025
Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Item... High Unreviewed
CVE-2025-53043 was published Oct 21, 2025
The incomplete verification mechanism in the AutoBizLine com.mysecondline.app 1.2.91 allows... High Unreviewed
CVE-2025-61220 was published Oct 21, 2025
Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System... High Unreviewed
CVE-2025-11151 was published Oct 21, 2025
Strapi core vulnerable to sensitive data exposure via CORS misconfiguration High
CVE-2025-53092 was published for @strapi/core (npm) Oct 16, 2025
ghostvirus62 derrickmehaffy
alexandrebodin innerdvations
Credited to ghostvirus62, derrickmehaffy, alexandrebodin, and innerdvations
Omni vulnerable to information leak via API High
CVE-2025-61688 was published for github.com/siderolabs/omni (Go) Oct 13, 2025
utkuozdemir
Credited to utkuozdemir
Hardcoded TLS private key and certificate in firmware in Kiloview N30 2.02.246 allows malicious... High Unreviewed
CVE-2025-8915 was published Oct 13, 2025
The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android ... High Unreviewed
CVE-2025-59405 was published Oct 2, 2025
YOSHOP 2.0 allows unauthenticated information disclosure via comment-list API endpoints in the... High Unreviewed
CVE-2025-56161 was published Oct 2, 2025
Exposure of sensitive information in Viday. This vulnerability could allow an unauthenticated... High Unreviewed
CVE-2025-40645 was published Oct 2, 2025
Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible... High Unreviewed
CVE-2025-57430 was published Sep 22, 2025
An issue in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote to obtain... High Unreviewed
CVE-2023-49367 was published Sep 18, 2025
This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird... High Unreviewed
CVE-2025-10536 was published Sep 16, 2025
This vulnerability affects Firefox < 143. High Unreviewed
CVE-2025-10535 was published Sep 16, 2025
WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled High
CVE-2025-54376 was published for github.com/SpectoLabs/hoverfly (Go) Sep 10, 2025
Kr1shna4garwal
Credited to Kr1shna4garwal
Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint.... High Unreviewed
CVE-2025-55976 was published Sep 10, 2025
Through the provision of user names, SolaX Cloud will suggest (similar) user accounts and thereby... High Unreviewed
CVE-2025-36759 was published Sep 10, 2025
An issue in TP-Link AX10 Ax1500 v.1.3.10 Build (20230130) allows a remote attacker to obtain... High Unreviewed
CVE-2025-29089 was published Sep 9, 2025
Exposure of sensitive information to an unauthorized actor in Microsoft Office Plus allows an... High Unreviewed
CVE-2025-55243 was published Sep 9, 2025
TYPO3 Workspaces Module Information Disclosure High
CVE-2025-59018 was published for typo3/cms-workspaces (Composer) Sep 9, 2025
Langchain Community Vulnerable to XML External Entity (XXE) Attacks High
CVE-2025-6984 was published for langchain-community (pip) Sep 4, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database