GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,968
Erlang: 39
GitHub Actions: 38
Go: 2,616
Maven: 5,000+
npm: 4,255
NuGet: 760
pip: 4,040
Pub: 12
RubyGems: 953
Rust: 1,050
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+

9,942 advisories
                    
lakeFS affected by unauthenticated access to API usage metrics
Moderate
CVE-2025-64179 was published for github.com/treeverse/lakefs (Go) Nov 3, 2025
                    
An issue in Raspberry Pi Imager version 1.9.6 for Windows, affecting its OS customization feature...
Moderate | Unreviewed
CVE-2025-60892 was published Nov 3, 2025
                    
A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown...
Moderate | Unreviewed
CVE-2025-12616 was published Nov 3, 2025
                    
The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to...
Moderate | Unreviewed
CVE-2025-11983 was published Nov 1, 2025
                    
The List category posts plugin for WordPress is vulnerable to Information Exposure in all...
Moderate | Unreviewed
CVE-2025-11377 was published Nov 1, 2025
                    
Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1...
Critical | Unreviewed
CVE-2025-29270 was published Oct 31, 2025
                    
The Analytify Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all...
Moderate | Unreviewed
CVE-2025-12521 was published Oct 31, 2025
                    
In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is...
Moderate | Unreviewed
CVE-2025-34272 was published Oct 31, 2025
                    
HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile...
High | Unreviewed
CVE-2024-30135 was published Oct 30, 2025
                    
The following HP Card Readers B Models (X3D03B & Y7C05B) are potentially vulnerable to...
Moderate | Unreviewed
CVE-2025-11998 was published Oct 30, 2025
                    
On affected platforms, restricted users could view sensitive portions of the config database via...
Moderate | Unreviewed
CVE-2025-54548 was published Oct 30, 2025
                    
LiteLLM Information health API_KEY Information Disclosure Vulnerability. This vulnerability...
Low | Unreviewed
CVE-2025-11203 was published Oct 29, 2025
                    
In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security (FLS) rules are improperly...
Moderate | Unreviewed
CVE-2025-12147 was published Oct 29, 2025
                    
In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules are improperly enforced on...
Moderate | Unreviewed
CVE-2025-12148 was published Oct 29, 2025
                    
NextAuthjs Email misdelivery Vulnerability
Moderate
GHSA-5jpx-9hw9-2fx4 was published for next-auth (npm) Oct 29, 2025
                    
The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions...
Moderate | Unreviewed
CVE-2023-7320 was published Oct 29, 2025
                    
An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized...
High | Unreviewed
CVE-2025-60805 was published Oct 28, 2025
                    
Reolink Video Doorbell Wi-Fi DB_566128M5MP_W stores and transmits DDNS credentials in plaintext...
High | Unreviewed
CVE-2025-60858 was published Oct 28, 2025
                    
BBOT's gitlab.py exposes globally configured "gitlab" API key
Moderate
CVE-2025-10282 was published for bbot (pip) Oct 27, 2025
                    
Email Password Disclosure. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Critical | Unreviewed
CVE-2025-12363 was published Oct 27, 2025
                    
TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp...
High | Unreviewed
CVE-2025-27225 was published Oct 27, 2025
                    
A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the...
Moderate | Unreviewed
CVE-2025-12297 was published Oct 27, 2025
                    
StarCharge Artemis AC Charger 7-22 kW v1.0.4 was discovered to contain a hardcoded AES key which...
High | Unreviewed
CVE-2025-52268 was published Oct 27, 2025
                    
Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on...
High | Unreviewed
CVE-2025-61482 was published Oct 27, 2025
                    
An issue in MikroTik RouterOS v.7.14.2 and SwitchOS v.2.18 allows a remote attacker to execute...
Critical | Unreviewed
CVE-2025-61481 was published Oct 27, 2025
        
ProTip! Advisories are also available from the GraphQL API