GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
44 advisories
A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do...
Critical, Unreviewed. CVE-2021-3586 was published Aug 23, 2022

The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the...
Critical, Unreviewed. CVE-2022-41648 was published Oct 28, 2022

In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
Critical, Unreviewed. CVE-2022-48342 was published Feb 23, 2023

Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated...
Critical, Unreviewed. CVE-2023-6448 was published Dec 5, 2023

The affected devices use publicly available default credentials with administrative privileges.
Critical, Unreviewed. CVE-2023-39169 was published Dec 7, 2023

Liferay Portal has a Stored XSS with Blog entries (Insecure defaults)
Critical. CVE-2024-25610 was published for com.liferay.portal:com.liferay.portal.web (Maven) Feb 20, 2024

A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4...
Critical, Unreviewed. CVE-2024-28815 was published Mar 27, 2024

Insecure deserialization in BentoML
Critical. CVE-2024-2912 was published for bentoml (pip) Apr 16, 2024

Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR...
Critical, Unreviewed. CVE-2024-31070 was published Jul 17, 2024

A condition exists in FlashArray Purity whereby a local account intended for initial array...
Critical, Unreviewed. CVE-2024-0001 was published Sep 23, 2024

CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could...
Critical, Unreviewed. CVE-2025-1960 was published Mar 12, 2025

Insecure default settings have been found in recorder products provided by Yokogawa Electric...
Critical, Unreviewed. CVE-2025-1863 was published Apr 18, 2025

The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even...
Critical, Unreviewed. CVE-2025-41438 was published May 30, 2025

The Versa Director software exposes a number of services by default and allow attackers an easy...
Critical, Unreviewed. CVE-2025-24288 was published Jun 19, 2025

A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain...
Critical, Unreviewed. CVE-2025-41672 was published Jul 7, 2025

NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access
Critical. CVE-2025-54127 was published for @haxtheweb/haxcms-nodejs (npm) Jul 21, 2025

A security issue exists due to the web-based debugger agent enabled on Rockwell Automation...
Critical, Unreviewed. CVE-2025-7353 was published Aug 14, 2025

The default configuration of WatchGuard Firebox devices through 2025-09-10 allows administrative...
Critical, Unreviewed. CVE-2025-59396 was published Nov 6, 2025

Ray's New Token Authentication is Disabled By Default
Critical. CVE-2025-34351 was published for ray (pip) Nov 27, 2025