GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,333 advisories
sudo-rs doesn't record authenticating user properly in timestamp
Moderate. CVE-2025-64517 was published for sudo-rs (Rust) on Nov 13, 2025.

KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing
Moderate. CVE-2025-64434 was published for kubevirt.io/kubevirt (Go) on Nov 6, 2025.

KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
Moderate. CVE-2025-64432 was published for kubevirt.io/kubevirt (Go) on Nov 6, 2025.

In preloader, there is a possible escalation of privilege due to an insecure default value. This...
Moderate, Unreviewed. CVE-2025-20730 was published on Nov 4, 2025.

Moodle does not properly enforce MFA
Moderate. CVE-2025-62398 was published for moodle/moodle (Composer) on Oct 23, 2025.

A flaw has been found in 70mai X200 up to 20251010. Affected is an unknown function of the...
Moderate, Unreviewed. CVE-2025-11942 was published on Oct 19, 2025.

A vulnerability was found in Apeman ID71 218.53.203.117. The impacted element is an unknown...
Moderate, Unreviewed. CVE-2025-11852 was published on Oct 16, 2025.

An improper authentication vulnerability [CWE-287] in Fortinet FortiAnalyzer version 7.6.0...
Moderate, Unreviewed. CVE-2025-53845 was published on Oct 14, 2025.

A vulnerability was found in ProjectsAndPrograms School Management System up to...
Moderate, Unreviewed. CVE-2025-11661 was published on Oct 13, 2025.

A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is...
Moderate, Unreviewed. CVE-2025-11633 was published on Oct 12, 2025.

A security flaw has been discovered in ChurchCRM up to 5.18.0. This impacts the function...
Moderate, Unreviewed. CVE-2025-11529 was published on Oct 9, 2025.

MCPHub has an Improper Authorization vulnerability via its handleSseConnection function
Moderate. CVE-2025-11287 was published for @samanhappy/mcphub (npm) on Oct 5, 2025.

An improper authentication vulnerability has been reported to affect QNAP Authenticator. If an...
Moderate, Unreviewed. CVE-2025-54154 was published on Oct 3, 2025.

Trivision NC-227WF firmware 5.80 (build 20141010) login mechanism reveals whether a username...
Moderate, Unreviewed. CVE-2025-56764 was published on Sep 29, 2025.

A cross-tenant authentication vulnerability exists in multiple WSO2 products due to improper...
Moderate, Unreviewed. CVE-2025-0663 was published on Sep 23, 2025.

A vulnerability was identified in huggingface LeRobot up to 0.3.3. Affected by this vulnerability...
Moderate, Unreviewed. CVE-2025-10772 was published on Sep 22, 2025.

Dragonfly's manager makes requests to external endpoints with disabled TLS authentication
Moderate. CVE-2025-59347 was published for d7y.io/dragonfly/v2 (Go) on Sep 17, 2025.

A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file ...
Moderate, Unreviewed. CVE-2025-10423 was published on Sep 15, 2025.

A vulnerability was found in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40....
Moderate, Unreviewed. CVE-2025-10288 was published on Sep 12, 2025.

Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
Moderate. CVE-2025-58065 was published for flask-appbuilder (pip) on Sep 11, 2025.

An issue in RTSPtoWeb v.2.4.3 allows a remote attacker to obtain sensitive information and...
Moderate, Unreviewed. CVE-2025-56578 was published on Sep 10, 2025.

Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One 2.0.2...
Moderate, Unreviewed. CVE-2025-10224 was published on Sep 10, 2025.

An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wireless Router AC8v4.0...
Moderate, Unreviewed. CVE-2025-52054 was published on Aug 28, 2025.

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241_B20210927. Affected is an unknown...
Moderate, Unreviewed. CVE-2025-9533 was published on Aug 27, 2025.

A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. This vulnerability affects...
Moderate, Unreviewed. CVE-2025-9100 was published on Aug 18, 2025.

ProTip! Advisories are also available from the GraphQL API.