Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

16 advisories

Loading
Improper Neutralization of Wildcards or Matching Symbols Moderate
CVE-2019-3802 was published for org.springframework.data:spring-data-jpa (Maven) Jun 4, 2019
Lookup operations do not take into account wildcards in SpiceDB High
CVE-2022-21646 was published for github.com/authzed/spicedb (Go) Jan 13, 2022
vroldanbet Credited to vroldanbet
It's possible to craft Lost Password requests with wildcards in the Token value, which allows... Moderate Unreviewed
CVE-2020-1772 was published May 24, 2022
An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS... Moderate Unreviewed
CVE-2024-8688 was published Sep 11, 2024
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip... Moderate Unreviewed
CVE-2024-0055 was published Mar 19, 2024
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list... Moderate Unreviewed
CVE-2024-0054 was published Mar 19, 2024
Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi... Moderate Unreviewed
CVE-2024-6509 was published Sep 10, 2024
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to... High Unreviewed
CVE-2024-47791 was published Dec 6, 2024
The Cloud MQTT service of the affected products supports wildcard topic subscription which could... Moderate Unreviewed
CVE-2025-0681 was published Jan 30, 2025
KubeWarden's AdmissionPolicy and AdmissionPolicyGroup policies can be used to alter PolicyReport resources Moderate
CVE-2025-24376 was published for github.com/kubewarden/kubewarden-controller (Go) Jan 30, 2025
flavio Credited to flavio
laravel-crud-wizard-free has File Validation Bypass Moderate
GHSA-3wgq-h4fr-cwg5 was published for macropay-solutions/laravel-crud-wizard-free (Composer) Mar 12, 2025
Laravel has a File Validation Bypass Moderate
CVE-2025-27515 was published for laravel/framework (Composer) Mar 5, 2025
Jusb3 Credited to Jusb3, TrixterTheTux, and tcytra TrixterTheTux TrixterTheTux
tcytra tcytra
An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto... High Unreviewed
CVE-2025-4232 was published Jun 13, 2025
The CloudEdge Cloud does not sanitize the MQTT topic input, which could allow an attacker to... High Unreviewed
CVE-2025-11757 was published Oct 21, 2025
A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated... Moderate Unreviewed
CVE-2025-0106 was published Jan 11, 2025
AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN High
GHSA-394x-vwmw-crm3 was published for aws-lc-sys (Rust) Mar 20, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database