Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,670
Maven
5,000+
npm
4,296
NuGet
760
pip
4,075
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

143 advisories

Loading
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the smbd_response... Moderate Unreviewed
CVE-2025-38523 was published Aug 16, 2025
The default configuration of WatchGuard Firebox devices through 2025-09-10 allows administrative... Critical Unreviewed
CVE-2025-59396 was published Nov 6, 2025
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation... Moderate Unreviewed
CVE-2022-47194 was published Jan 19, 2023
An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation... Moderate Unreviewed
CVE-2022-47196 was published Jan 19, 2023
The affected devices use publicly available default credentials with administrative privileges. Critical Unreviewed
CVE-2023-39169 was published Dec 7, 2023
Firefox normally asks for confirmation before asking the operating system to find an application... High Unreviewed
CVE-2024-8383 was published Sep 3, 2024
Tinyproxy commit 84f203f and earlier does not process HTTP request lines in the process_request()... High Unreviewed
CVE-2022-40468 was published Sep 20, 2022
An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. It uses a default SSID value,... Moderate Unreviewed
CVE-2020-11917 was published Nov 7, 2024
By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker... Moderate Unreviewed
CVE-2025-35021 was published Nov 4, 2025
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap... Moderate Unreviewed
CVE-2025-48927 was published May 28, 2025
Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated... Critical Unreviewed
CVE-2023-6448 was published Dec 5, 2023
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default... Critical Unreviewed
CVE-2022-24706 was published Apr 27, 2022
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix... Moderate Unreviewed
CVE-2022-49099 was published Oct 14, 2025
The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the... Critical Unreviewed
CVE-2022-41648 was published Oct 28, 2022
Denial of Service in Forescout SecureConnector 11.1.02.1019 on Windows allows Unprivileged user... Moderate Unreviewed
CVE-2024-9949 was published Oct 23, 2024
VMware Aria Operations contains an information disclosure vulnerability. A malicious actor with... Moderate Unreviewed
CVE-2025-41245 was published Sep 29, 2025
During a short time frame while the device is booting an unauthenticated remote attacker can send... Moderate Unreviewed
CVE-2025-41713 was published Sep 15, 2025
IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for... High Unreviewed
CVE-2025-36222 was published Sep 11, 2025
In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept... Moderate Unreviewed
CVE-2025-32330 was published Sep 4, 2025
A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the... High Unreviewed
CVE-2024-6788 was published Aug 13, 2024
A security issue exists due to the web-based debugger agent enabled on Rockwell Automation... Critical Unreviewed
CVE-2025-7353 was published Aug 14, 2025
A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0... High Unreviewed
CVE-2017-12736 was published May 13, 2022
In TRENDnet TEW-WLC100P 2.03b03, the i_dont_care_about_security_and_use_aggressive_mode_psk... High Unreviewed
CVE-2025-44647 was published Jul 21, 2025
An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure... High Unreviewed
CVE-2025-25271 was published Jul 8, 2025
A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain... Critical Unreviewed
CVE-2025-41672 was published Jul 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database