GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 28,553
Composer 5,554
Erlang 49
GitHub Actions 49
Go 3,426
Maven 6,365
npm 5,645
NuGet 882
pip 4,670
Pub 13
RubyGems 1,029
Rust 1,212
Swift 53

Unreviewed advisories

All unreviewed 296,666

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

63 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges... Critical Unreviewed

CVE-2026-32213 was published Apr 3, 2026

Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to... Critical Unreviewed

CVE-2026-33105 was published Apr 3, 2026

The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) implements a broken authentication... Critical Unreviewed

CVE-2026-30702 was published Mar 18, 2026

Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk... Critical Unreviewed

CVE-2026-30793 was published Mar 5, 2026

It was identified that under certain specific preconditions, an API key that was originally... Critical Unreviewed

CVE-2024-37282 was published Jan 30, 2026

Azure Entra ID Elevation of Privilege Vulnerability Critical Unreviewed

CVE-2026-24305 was published Jan 23, 2026

Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate... Critical Unreviewed

CVE-2025-65041 was published Dec 19, 2025

PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers... Critical Unreviewed

CVE-2023-53895 was published Dec 16, 2025

In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not... Critical Unreviewed

CVE-2025-58386 was published Dec 2, 2025

In pig-mesh In Pig version 3.8.2 and below, within the Token Management function under the System... Critical Unreviewed

CVE-2025-63691 was published Nov 7, 2025

An authorization issue was addressed with improved state management. This issue is fixed in tvOS... Critical Unreviewed

CVE-2025-31255 was published Sep 16, 2025

Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate... Critical Unreviewed

CVE-2025-53795 was published Aug 21, 2025

The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to... Critical Unreviewed

CVE-2025-7778 was published Aug 15, 2025

Azure Portal Elevation of Privilege Vulnerability Critical Unreviewed

CVE-2025-53792 was published Aug 7, 2025

Improper authorization in Azure Machine Learning allows an authorized attacker to elevate... Critical Unreviewed

CVE-2025-49746 was published Jul 18, 2025

The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing... Critical Unreviewed

CVE-2025-4631 was published May 31, 2025

Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges... Critical Unreviewed

CVE-2025-29827 was published May 9, 2025

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a... Critical Unreviewed

CVE-2025-4104 was published May 7, 2025

The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper... Critical Unreviewed

CVE-2025-3918 was published May 3, 2025

Improper authorization in Azure allows an authorized attacker to elevate privileges over a network. Critical Unreviewed

CVE-2025-30390 was published Apr 30, 2025

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate... Critical Unreviewed

CVE-2025-30392 was published Apr 30, 2025

Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function... Critical Unreviewed

CVE-2025-29659 was published Apr 21, 2025

In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control,... Critical Unreviewed

CVE-2024-9095 was published Mar 20, 2025

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid... Critical Unreviewed

CVE-2025-20125 was published Feb 5, 2025

Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common... Critical Unreviewed

CVE-2024-13241 was published Jan 9, 2025

Previous1…3 Next

Previous 1 2 3 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

63 advisories