Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

316 advisories

Loading
Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi... Critical Unreviewed
CVE-2025-44619 was published May 30, 2025
An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the... Critical Unreviewed
CVE-2025-45343 was published May 28, 2025
This issue was addressed by restricting options offered on a locked device. This issue is fixed... Critical Unreviewed
CVE-2025-30436 was published May 13, 2025
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access... Critical Unreviewed
CVE-2025-43563 was published May 13, 2025
Incorrect access control in laskBlog v2.6.1 allows attackers to access all usernames via a... Critical Unreviewed
CVE-2025-28104 was published Apr 21, 2025
Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint. Critical Unreviewed
CVE-2024-48905 was published May 2, 2025
Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted... Critical Unreviewed
CVE-2025-45612 was published May 5, 2025
Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to... Critical Unreviewed
CVE-2025-45611 was published May 5, 2025
Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT allows attackers to gain... Critical Unreviewed
CVE-2025-45615 was published May 5, 2025
VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A... Critical Unreviewed
CVE-2022-31687 was published Nov 10, 2022
Carel Boss Mini 1.5.0 has Improper Access Control. Critical Unreviewed
CVE-2022-34827 was published Nov 19, 2022
There is an access control vulnerability in some ZTE PON OLT products. Due to improper access... Critical Unreviewed
CVE-2022-39070 was published Nov 22, 2022
Incorrect access control in Itel Electronics IP Stream v1.7.0.6 allows unauthorized attackers to... Critical Unreviewed
CVE-2025-28231 was published Apr 18, 2025
Incorrect access control in Orban OPTIMOD 5950 Firmware v1.0.0.2 and System v2.2.15 allows... Critical Unreviewed
CVE-2025-28229 was published Apr 21, 2025
Incorrect access control in BW Broadcast TX600 (14980), TX300 (32990) (31448), TX150, TX1000,... Critical Unreviewed
CVE-2025-28233 was published Apr 18, 2025
Incorrect access control in the HOME.php endpoint of JMBroadcast JMB0150 Firmware v1.0 allows... Critical Unreviewed
CVE-2025-28232 was published Apr 21, 2025
Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by... Critical Unreviewed
CVE-2014-3624 was published May 17, 2022
Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the ... Critical Unreviewed
CVE-2014-9148 was published May 17, 2022
An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL... Critical Unreviewed
CVE-2017-7928 was published May 13, 2022
AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites... Critical Unreviewed
CVE-2015-2692 was published May 17, 2022
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to... Critical Unreviewed
CVE-2016-9412 was published May 17, 2022
eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When... Critical Unreviewed
CVE-2015-4594 was published May 14, 2022
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via... Critical Unreviewed
CVE-2016-8606 was published May 17, 2022
Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt... Critical Unreviewed
CVE-2025-25948 was published Mar 3, 2025
Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 131.0... Critical Unreviewed
CVE-2025-1568 was published Apr 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database