Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
764
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

136 advisories

Loading
An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.4,... Low Unreviewed
CVE-2025-59923 was published Dec 9, 2025
open-webui is Vulnerable to Incorrect Access Control Low
CVE-2025-63681 was published for open-webui (pip) Dec 4, 2025
Mattermost fails to validate user permissions in Boards Low
CVE-2025-13870 was published for github.com/mattermost/mattermost (Go) Dec 2, 2025
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and... Low Unreviewed
CVE-2025-31216 was published Nov 22, 2025
Improper access control for some Intel(R) PresentMon before version 2.3.1 within Ring 3: User... Low Unreviewed
CVE-2025-32037 was published Nov 11, 2025
Improper access control for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within... Low Unreviewed
CVE-2025-24314 was published Nov 11, 2025
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect Low
CVE-2024-30261 was published for undici (npm) Apr 4, 2024
Uzlopak
Credited to Uzlopak
A logic issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26. An... Low Unreviewed
CVE-2025-43309 was published Nov 4, 2025
This issue was addressed by restricting options offered on a locked device. This issue is fixed... Low Unreviewed
CVE-2024-40822 was published Jul 30, 2024
This issue was addressed by restricting options offered on a locked device. This issue is fixed... Low Unreviewed
CVE-2025-43408 was published Nov 4, 2025
This issue was addressed with improved authentication. This issue is fixed in iOS 18.4 and iPadOS... Low Unreviewed
CVE-2025-24193 was published Apr 1, 2025
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition... Low Unreviewed
CVE-2025-61748 was published Oct 21, 2025
Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that... Low Unreviewed
CVE-2025-61749 was published Oct 21, 2025
Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that... Low Unreviewed
CVE-2025-27238 was published Sep 12, 2025
IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an... Low Unreviewed
CVE-2024-35122 was published Jan 24, 2025
Vite middleware may serve files starting with the same name with the public directory Low
CVE-2025-58751 was published for vite (npm) Sep 9, 2025
orihjfrog lukeed
Credited to orihjfrog and lukeed
Vite's `server.fs` settings were not applied to HTML files Low
CVE-2025-58752 was published for vite (npm) Sep 9, 2025
orihjfrog dominikg
Credited to orihjfrog and dominikg
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app... Low Unreviewed
CVE-2024-44271 was published Aug 29, 2025
Improper access control for some Edge Orchestrator software before version 24.11.1 for Intel(R)... Low Unreviewed
CVE-2025-24840 was published Aug 12, 2025
Withdrawn Advisory: JHipster allows privilege escalation via a modified authorities parameter Low
CVE-2025-43712 was published for generator-jhipster (npm) Jul 25, 2025 withdrawn
Mattermost did not properly restrict channel creation Low
CVE-2024-39837 was published for github.com/mattermost/mattermost-server (Go) Aug 1, 2024
In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated... Low Unreviewed
CVE-2025-44657 was published Jul 21, 2025
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). ... Low Unreviewed
CVE-2025-50081 was published Jul 15, 2025
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Access... Low Unreviewed
CVE-2025-49546 was published Jul 8, 2025
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS... Low Unreviewed
CVE-2023-28197 was published Jan 11, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database