Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,912
Erlang
39
GitHub Actions
38
Go
2,569
Maven
5,000+
npm
4,245
NuGet
754
pip
4,006
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

58 advisories

Loading
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting... Low Unreviewed
CVE-2025-8053 was published Oct 20, 2025
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting... Low Unreviewed
CVE-2025-8049 was published Oct 20, 2025
ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of... Moderate Unreviewed
CVE-2025-54461 was published Oct 16, 2025
Improper authorization in zenml Moderate
CVE-2024-2035 was published for zenml (pip) Jun 6, 2024
Kimai API returns timesheet entries a user should not be authorized to view Moderate
CVE-2024-29200 was published for kimai/kimai (Composer) Mar 29, 2024
AstroGD
Credited to AstroGD
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This... Critical Unreviewed
CVE-2025-7493 was published Sep 30, 2025
Improper input validation in the system management mode (SMM) could allow a privileged attacker... High Unreviewed
CVE-2024-21947 was published Sep 6, 2025
Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM,... High Unreviewed
CVE-2023-31342 was published Feb 12, 2025
Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM,... High Unreviewed
CVE-2023-31343 was published Feb 12, 2025
Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows®... Moderate Unreviewed
CVE-2024-21971 was published Feb 12, 2025
HCL Connections contains a broken access control vulnerability that may allow unauthorized user... Low Unreviewed
CVE-2025-31961 was published Aug 15, 2025
An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1... Low Unreviewed
CVE-2025-2498 was published Aug 13, 2025
Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable... High Unreviewed
CVE-2025-22839 was published Aug 12, 2025
A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The... Critical Unreviewed
CVE-2025-4404 was published Jun 17, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1... Moderate Unreviewed
CVE-2025-7001 was published Jul 25, 2025
A vulnerability has been identified in the Now Platform that could result in data being inferred... High Unreviewed
CVE-2025-3648 was published Jul 8, 2025
A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3... Moderate Unreviewed
CVE-2025-27026 was published Jul 2, 2025
Withdrawn Advisory: Lunary information disclosure vulnerability Moderate
CVE-2024-6867 was published for lunary (npm) Sep 13, 2024 withdrawn
hughcrt
Credited to hughcrt
An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11... Low Unreviewed
CVE-2025-5982 was published Jun 12, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In... Low Unreviewed
CVE-2025-1110 was published May 22, 2025
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before... Moderate Unreviewed
CVE-2025-4979 was published May 22, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17... Moderate Unreviewed
CVE-2025-1278 was published May 9, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17... Moderate Unreviewed
CVE-2025-2408 was published Apr 10, 2025
Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP. High Unreviewed
CVE-2024-33058 was published Apr 7, 2025
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0... High Unreviewed
CVE-2025-29987 was published Apr 3, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database