Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,679
Erlang
34
GitHub Actions
26
Go
2,268
Maven
5,000+
npm
3,923
NuGet
705
pip
3,686
Pub
12
RubyGems
916
Rust
944
Swift
38
Unreviewed advisories
All unreviewed
5,000+

308 advisories

Loading
Bookgy does not provide for proper authorisation control in multiple areas of the application.... Critical Unreviewed
CVE-2025-40619 was published Apr 29, 2025
Incorrect Authorization vulnerability in The Wikimedia Foundation Mediawiki - OAuth Extension... Critical Unreviewed
CVE-2025-32068 was published Apr 11, 2025
Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during the loading of... Critical Unreviewed
CVE-2024-38392 was published Apr 2, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Critical Unreviewed
CVE-2025-24233 was published Apr 1, 2025
Improper permission control vulnerability in the OXARI ServiceDesk application could allow an... Critical Unreviewed
CVE-2025-1542 was published Mar 26, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368... Critical Unreviewed
CVE-2025-27645 was published Mar 5, 2025
IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations Critical
CVE-2025-27507 was published for github.com/zitadel/zitadel (Go) Mar 4, 2025
amit-laish livio-a
fforootd adlerhurst
Improper Authorization vulnerability in Magento and Adobe Commerce Critical
CVE-2025-24434 was published for magento/community-edition (Composer) Feb 11, 2025
ihor-sviziev
macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys... Critical Unreviewed
CVE-2024-57432 was published Jan 31, 2025
SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on... Critical Unreviewed
CVE-2024-47857 was published Jan 31, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, watchOS... Critical Unreviewed
CVE-2024-54530 was published Jan 28, 2025
The issue was addressed by removing the relevant flags. This issue is fixed in watchOS 11.2, iOS... Critical Unreviewed
CVE-2024-54512 was published Jan 28, 2025
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile... Critical Unreviewed
CVE-2025-21556 was published Jan 21, 2025
WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application... Critical Unreviewed
CVE-2024-57032 was published Jan 17, 2025
An issue in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK v11.1.0 allows attackers to bypass... Critical Unreviewed
CVE-2024-53553 was published Jan 17, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and... Critical Unreviewed
CVE-2024-44136 was published Jan 15, 2025
Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse.This issue... Critical Unreviewed
CVE-2024-13278 was published Jan 9, 2025
Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing.This issue... Critical Unreviewed
CVE-2024-13277 was published Jan 9, 2025
Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue... Critical Unreviewed
CVE-2024-13281 was published Jan 9, 2025
Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows... Critical Unreviewed
CVE-2024-13258 was published Jan 9, 2025
Incorrect Authorization vulnerability in Drupal Advanced PWA inc Push Notifications allows... Critical Unreviewed
CVE-2024-13253 was published Jan 9, 2025
oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid... Critical Unreviewed
CVE-2024-56431 was published Dec 25, 2024
Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android... Critical Unreviewed
CVE-2023-4617 was published Dec 19, 2024
Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf... Critical Unreviewed
CVE-2024-54662 was published Dec 17, 2024
XWiki allows remote code execution through the extension sheet Critical
CVE-2024-55662 was published for org.xwiki.platform:xwiki-platform-repository-server-ui (Maven) Dec 12, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database