GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 5,000+
  Erlang: 40
  GitHub Actions: 38
  Go: 2,831
  Maven: 5,000+
  npm: 4,462
  NuGet: 775
  pip: 4,226
  Pub: 12
  RubyGems: 972
  Rust: 1,093
  Swift: 47
Unreviewed advisories
  All unreviewed: 5,000+
2,952 advisories
A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function...
  Low | Unreviewed | CVE-2025-15124 was published Dec 28, 2025
A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the...
  Low | Unreviewed | CVE-2025-15123 was published Dec 28, 2025
A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the...
  Low | Unreviewed | CVE-2025-15120 was published Dec 28, 2025
A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function...
  Low | Unreviewed | CVE-2025-15122 was published Dec 28, 2025
A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function...
  Low | Unreviewed | CVE-2025-15119 was published Dec 28, 2025
Gitea mishandles authorization for deletion of releases
  Moderate | CVE-2025-68938 was published for code.gitea.io/gitea (Go) | Dec 26, 2025
Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources
  Moderate | CVE-2025-68941 was published for code.gitea.io/gitea (Go) | Dec 26, 2025
Gitea doesn't adequately enforce branch deletion permissions after merging a pull request.
  Low | CVE-2025-68940 was published for code.gitea.io/gitea (Go) | Dec 26, 2025
A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the...
  Moderate | Unreviewed | CVE-2025-15085 was published Dec 25, 2025
Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler...
  High | Unreviewed | CVE-2025-59683 was published Dec 25, 2025
Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP...
  Moderate | Unreviewed | CVE-2025-66378 was published Dec 25, 2025
V-SOL GPON/EPON OLT Platform v2.03 contains a privilege escalation vulnerability that allows...
  High | Unreviewed | CVE-2019-25237 was published Dec 24, 2025
Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated...
  High | Unreviewed | CVE-2018-25146 was published Dec 24, 2025
A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS....
  High | Unreviewed | CVE-2025-2515 was published Dec 24, 2025
Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues
  Moderate | CVE-2025-13767 was published for github.com/mattermost/mattermost-server (Go) | Dec 24, 2025
Mattermost doesn't verify that post actions invoking `/share-issue-publicly` were created by the Jira plugin
  Moderate | CVE-2025-64641 was published for github.com/mattermost/mattermost-server (Go) | Dec 24, 2025
KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential
  High | CVE-2025-68476 was published for github.com/kedacore/keda/v2 (Go) | Dec 22, 2025
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by...
  Moderate | Unreviewed | CVE-2025-68422 was published Dec 19, 2025
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by...
  Moderate | Unreviewed | CVE-2025-68386 was published Dec 19, 2025
Improper access checks in M-Files Server before 25.12 allows users to download files through M...
  Moderate | Unreviewed | CVE-2025-14318 was published Dec 18, 2025
Memory corruption while loading an invalid firmware in boot loader.
  High | Unreviewed | CVE-2025-47382 was published Dec 18, 2025
The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all...
  Moderate | Unreviewed | CVE-2025-14081 was published Dec 17, 2025
Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation
  Moderate | CVE-2025-13324 was published for github.com/mattermost/mattermost (Go) | Dec 17, 2025
Auth0 WordPress has Improper Audience Validation via Auth0-PHP SDK Dependency
  Moderate | GHSA-vvg7-8rmq-92g7 was published for auth0/wordpress (Composer) | Dec 17, 2025
Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK
  Moderate | GHSA-f3r2-88mq-9v4g was published for auth0/symfony (Composer) | Dec 17, 2025