Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,831
Maven
5,000+
npm
4,462
NuGet
775
pip
4,226
Pub
12
RubyGems
972
Rust
1,093
Swift
47
Unreviewed advisories
All unreviewed
5,000+

334 advisories

Loading
Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root... Critical Unreviewed
CVE-2025-13184 was published Dec 10, 2025
The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to... Critical Unreviewed
CVE-2024-5539 was published Nov 27, 2025
Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and... Critical Unreviewed
CVE-2025-55469 was published Nov 26, 2025
lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper... Critical Unreviewed
CVE-2025-9803 was published Nov 25, 2025
Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows... Critical Unreviewed
CVE-2025-41346 was published Nov 18, 2025
Due to an insufficient access control implementation in multiple WSO2 Products, authentication... Critical Unreviewed
CVE-2025-10611 was published Oct 16, 2025
IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004... Critical Unreviewed
CVE-2025-36157 was published Aug 24, 2025
Capsule tenant owners with "patch namespace" permission can hijack system namespaces label Critical
CVE-2025-55205 was published for github.com/projectcapsule/capsule (Go) Aug 18, 2025
b0b0haha
Credited to b0b0haha
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration... Critical Unreviewed
CVE-2025-54253 was published Aug 5, 2025
An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud... Critical Unreviewed
CVE-2025-29757 was published Jul 19, 2025
XWiki Rendering is vulnerable to RCE attacks when processing nested macros Critical
CVE-2025-53836 was published for org.xwiki.rendering:xwiki-rendering-transformation-macro (Maven) Jul 14, 2025
renniepak
Credited to renniepak
Cryptographic issue occurs due to use of insecure connection method while downloading. Critical Unreviewed
CVE-2025-21450 was published Jul 8, 2025
The agent in Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1... Critical Unreviewed
CVE-2025-26850 was published Jul 5, 2025
The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has... Critical Unreviewed
CVE-2025-53391 was published Jun 29, 2025
Teleport allows remote authentication bypass Critical
CVE-2025-49825 was published for github.com/gravitational/teleport (Go) Jun 16, 2025
In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission... Critical Unreviewed
CVE-2025-20674 was published Jun 2, 2025
An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote... Critical Unreviewed
CVE-2025-48757 was published May 30, 2025
An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic... Critical Unreviewed
CVE-2024-6914 was published May 22, 2025
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect... Critical Unreviewed
CVE-2025-43561 was published May 13, 2025
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access... Critical Unreviewed
CVE-2025-43564 was published May 13, 2025
Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges... Critical Unreviewed
CVE-2025-29827 was published May 9, 2025
On an F5OS system, if the root user had previously configured the system to allow login via SSH... Critical Unreviewed
CVE-2025-36546 was published May 8, 2025
Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability... Critical Unreviewed
CVE-2025-3476 was published May 7, 2025
Bookgy does not provide for proper authorisation control in multiple areas of the application.... Critical Unreviewed
CVE-2025-40619 was published Apr 29, 2025
Incorrect Authorization vulnerability in The Wikimedia Foundation Mediawiki - OAuth Extension... Critical Unreviewed
CVE-2025-32068 was published Apr 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database