GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,763
Composer 4,750
Erlang 35
GitHub Actions 29
Go 2,323
Maven 5,608
npm 3,956
NuGet 712
pip 3,739
Pub 12
RubyGems 921
Rust 973
Swift 38

Unreviewed advisories

All unreviewed 258,251

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

316 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi... Critical Unreviewed

CVE-2025-44619 was published May 30, 2025

An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the... Critical Unreviewed

CVE-2025-45343 was published May 28, 2025

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access... Critical Unreviewed

CVE-2025-43563 was published May 13, 2025

This issue was addressed by restricting options offered on a locked device. This issue is fixed... Critical Unreviewed

CVE-2025-30436 was published May 13, 2025

Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted... Critical Unreviewed

CVE-2025-45612 was published May 5, 2025

Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT allows attackers to gain... Critical Unreviewed

CVE-2025-45615 was published May 5, 2025

Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to... Critical Unreviewed

CVE-2025-45611 was published May 5, 2025

Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint. Critical Unreviewed

CVE-2024-48905 was published May 2, 2025

Incorrect access control in laskBlog v2.6.1 allows attackers to access all usernames via a... Critical Unreviewed

CVE-2025-28104 was published Apr 21, 2025

Incorrect access control in the HOME.php endpoint of JMBroadcast JMB0150 Firmware v1.0 allows... Critical Unreviewed

CVE-2025-28232 was published Apr 21, 2025

Incorrect access control in Orban OPTIMOD 5950 Firmware v1.0.0.2 and System v2.2.15 allows... Critical Unreviewed

CVE-2025-28229 was published Apr 21, 2025

Incorrect access control in Itel Electronics IP Stream v1.7.0.6 allows unauthorized attackers to... Critical Unreviewed

CVE-2025-28231 was published Apr 18, 2025

Incorrect access control in BW Broadcast TX600 (14980), TX300 (32990) (31448), TX150, TX1000,... Critical Unreviewed

CVE-2025-28233 was published Apr 18, 2025

A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance... Critical Unreviewed

CVE-2025-3113 was published Apr 17, 2025

Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 131.0... Critical Unreviewed

CVE-2025-1568 was published Apr 17, 2025

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access... Critical Unreviewed

CVE-2025-30281 was published Apr 8, 2025

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the... Critical Unreviewed

CVE-2025-28413 was published Apr 7, 2025

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave... Critical Unreviewed

CVE-2025-28412 was published Apr 7, 2025

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the... Critical Unreviewed

CVE-2025-28410 was published Apr 7, 2025

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree... Critical Unreviewed

CVE-2025-28408 was published Apr 7, 2025

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter Critical Unreviewed

CVE-2025-28402 was published Apr 7, 2025

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter Critical Unreviewed

CVE-2025-28406 was published Apr 7, 2025

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus... Critical Unreviewed

CVE-2025-28405 was published Apr 7, 2025

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method... Critical Unreviewed

CVE-2025-28411 was published Apr 7, 2025

A library injection issue was addressed with additional restrictions. This issue is fixed in... Critical Unreviewed

CVE-2025-30462 was published Apr 1, 2025

Previous 1 2 3 4 5 … 12 13 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

316 advisories