GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,757
Maven: 5,000+
npm: 4,363
NuGet: 766
pip: 4,128
Pub: 12
RubyGems: 961
Rust: 1,070
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
27,784 advisories
The R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to...
Critical | Unreviewed | CVE-2025-63207 was published Nov 19, 2025

Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An...
Critical | Unreviewed | CVE-2025-13315 was published Nov 19, 2025

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23...
Critical | Unreviewed | CVE-2025-34328 was published Nov 19, 2025

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23...
Critical | Unreviewed | CVE-2025-34329 was published Nov 19, 2025

The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper...
Critical | Unreviewed | CVE-2025-63224 was published Nov 19, 2025

The Axel Technology StreamerMAX MK II devices (firmware versions 0.8.5 to 1.0.3) are vulnerable...
Critical | Unreviewed | CVE-2025-63223 was published Nov 19, 2025

Legacy Vivotek Device firmware uses default credentials for the root and user login accounts.
Critical | Unreviewed | CVE-2025-12592 was published Nov 19, 2025

The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable...
Critical | Unreviewed | CVE-2025-63218 was published Nov 19, 2025

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Critical | Unreviewed | CVE-2025-10437 was published Nov 19, 2025

Apache Causeway vulnerable to deserialization in Java
Critical | CVE-2025-64408 was published for org.apache.causeway.commons:causeway-commons (Maven) Nov 19, 2025

When the service of ABP and AES is installed in a directory writable by non-administrative users,...
Critical | Unreviewed | CVE-2025-13051 was published Nov 19, 2025

The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action as...
Critical | Unreviewed | CVE-2025-12057 was published Nov 19, 2025

The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to...
Critical | Unreviewed | CVE-2025-63216 was published Nov 19, 2025

The Itel DAB MUX (IDMUX build c041640a) is vulnerable to Authentication Bypass due to improper...
Critical | Unreviewed | CVE-2025-63217 was published Nov 19, 2025

The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an...
Critical | Unreviewed | CVE-2025-63228 was published Nov 18, 2025

The Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX) is vulnerable to Broken Access...
Critical | Unreviewed | CVE-2025-63225 was published Nov 18, 2025

Modular Max Serve has Unsafe Deserialization vulnerability
Critical | CVE-2025-60455 was published for modular (pip) Nov 18, 2025

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password...
Critical | Unreviewed | CVE-2025-54321 was published Nov 18, 2025

DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in /dzz/system/ueditor/php...
Critical | Unreviewed | CVE-2025-63695 was published Nov 18, 2025

An arbitrary file upload vulnerability in the /php/UploadHandler.php component of RichFilemanager...
Critical | Unreviewed | CVE-2025-63994 was published Nov 18, 2025

Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user...
Critical | Unreviewed | CVE-2025-56643 was published Nov 18, 2025

DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer/groupmanage.
Critical | Unreviewed | CVE-2025-63694 was published Nov 18, 2025

Eclipse Jersey has a Race Condition
Critical | CVE-2025-12383 was published for org.glassfish.jersey.core:jersey-client (Maven) Nov 18, 2025

joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads
Critical | CVE-2025-65015 was published for joserfc (pip) Nov 18, 2025

A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation...
Critical | Unreviewed | CVE-2025-9312 was published Nov 18, 2025
ProTip! Advisories are also available from the GraphQL API