Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

9,966 advisories

Loading
On affected platforms, restricted users could view sensitive portions of the config database via... Moderate Unreviewed
CVE-2025-54548 was published Oct 30, 2025
LiteLLM Information health API_KEY Information Disclosure Vulnerability. This vulnerability... Low Unreviewed
CVE-2025-11203 was published Oct 29, 2025
In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules are improperly enforced on... Moderate Unreviewed
CVE-2025-12148 was published Oct 29, 2025
In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security (FLS) rules are improperly... Moderate Unreviewed
CVE-2025-12147 was published Oct 29, 2025
An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized... High Unreviewed
CVE-2025-60805 was published Oct 28, 2025
A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. The impacted element is an... Moderate Unreviewed
CVE-2025-11639 was published Oct 12, 2025
Reolink Video Doorbell Wi-Fi DB_566128M5MP_W stores and transmits DDNS credentials in plaintext... High Unreviewed
CVE-2025-60858 was published Oct 28, 2025
A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is... Low Unreviewed
CVE-2025-11644 was published Oct 12, 2025
NextAuthjs Email misdelivery Vulnerability Moderate
GHSA-5jpx-9hw9-2fx4 was published for next-auth (npm) Oct 29, 2025
rootxjs
Credited to rootxjs
The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions... Moderate Unreviewed
CVE-2023-7320 was published Oct 29, 2025
A vulnerability was found in Intelbras InControl 2.21.60.9 and classified as problematic. This... Low Unreviewed
CVE-2025-8515 was published Aug 4, 2025
TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp... High Unreviewed
CVE-2025-27225 was published Oct 27, 2025
StarCharge Artemis AC Charger 7-22 kW v1.0.4 was discovered to contain a hardcoded AES key which... High Unreviewed
CVE-2025-52268 was published Oct 27, 2025
BBOT's gitlab.py exposes globally configured "gitlab" API key Moderate
CVE-2025-10282 was published for bbot (pip) Oct 27, 2025
justinsteven
Credited to justinsteven
Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on... High Unreviewed
CVE-2025-61482 was published Oct 27, 2025
An issue in MikroTik RouterOS v.7.14.2 and SwitchOS v.2.18 allows a remote attacker to execute... Critical Unreviewed
CVE-2025-61481 was published Oct 27, 2025
A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the... Moderate Unreviewed
CVE-2025-12297 was published Oct 27, 2025
A vulnerability was detected in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca.... Moderate Unreviewed
CVE-2025-12276 was published Oct 27, 2025
The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress... Moderate Unreviewed
CVE-2025-11760 was published Oct 25, 2025
Moodle exposed the names of hidden groups to users Moderate
CVE-2025-62400 was published for moodle/moodle (Composer) Oct 23, 2025
Jberet: jberet-core logging database credentials Moderate
CVE-2024-1102 was published for org.jberet:jberet-core (Maven) Apr 25, 2024
Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of... High Unreviewed
CVE-2025-11145 was published Oct 24, 2025
Captive Portal can expose sensitive information High Unreviewed
CVE-2025-6980 was published Oct 23, 2025
An issue was discovered in BAE SOCET GXP before 4.6.0.2. Some endpoints on the SOCET GXP Job... Moderate Unreviewed
CVE-2025-54966 was published Oct 23, 2025
Rancher sends sensitive information to external services through the `/meta/proxy` endpoint Moderate
CVE-2025-54468 was published for github.com/rancher/rancher (Go) Sep 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database