GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,058 advisories
A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated...
High, Unreviewed: CVE-2026-0713 was published on Jan 15, 2026

Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0...
High, Unreviewed: CVE-2025-66005 was published on Jan 14, 2026

Dreamweaver Desktop versions 21.6 and earlier are affected by an Incorrect Authorization...
High, Unreviewed: CVE-2026-21274 was published on Jan 13, 2026

Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated...
High, Unreviewed: CVE-2025-41078 was published on Jan 12, 2026

Ghost has Staff Token permission bypass
High: CVE-2026-22595 was published for ghost (npm) on Jan 8, 2026

OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft...
High, Unreviewed: CVE-2026-22230 was published on Jan 8, 2026

iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that...
High, Unreviewed: CVE-2020-36920 was published on Jan 6, 2026

Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a ...
High, Unreviewed: CVE-2025-69414 was published on Jan 2, 2026

Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler...
High, Unreviewed: CVE-2025-59683 was published on Dec 25, 2025

V-SOL GPON/EPON OLT Platform v2.03 contains a privilege escalation vulnerability that allows...
High, Unreviewed: CVE-2019-25237 was published on Dec 24, 2025

Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated...
High, Unreviewed: CVE-2018-25146 was published on Dec 24, 2025

A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS....
High, Unreviewed: CVE-2025-2515 was published on Dec 24, 2025

KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential
High: CVE-2025-68476 was published for github.com/kedacore/keda/v2 (Go) on Dec 22, 2025

Memory corruption while loading an invalid firmware in boot loader.
High, Unreviewed: CVE-2025-47382 was published on Dec 18, 2025

ListCheck.exe developed by Acer has a Local Privilege Escalation vulnerability. Authenticated...
High, Unreviewed: CVE-2025-14305 was published on Dec 17, 2025

Liferay Portal and DXP Instance Admin can execute code using Objects Actions and Validations
High: CVE-2025-3586 was published for com.liferay:com.liferay.object.service (Maven) on Dec 12, 2025

Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands
High: CVE-2025-66623 was published for io.strimzi:strimzi (Maven) on Dec 5, 2025

Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in...
High, Unreviewed: CVE-2025-13829 was published on Dec 1, 2025

trytond does not enforce access rights for the route of the HTML editor.
High: CVE-2025-66423 was published for trytond (pip) on Nov 30, 2025

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with...
High, Unreviewed: CVE-2025-62730 was published on Nov 20, 2025

OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization.
High: CVE-2025-65073 was published for keystone (pip) on Nov 17, 2025

Apollo Federation has Improper Enforcement of Access Control on Transitive Fields
High: GHSA-m8jr-fxqx-8xx6 was published for @apollo/composition (npm) on Nov 14, 2025

Fujitsu iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is...
High, Unreviewed: CVE-2025-65002 was published on Nov 12, 2025

Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability....
High, Unreviewed: CVE-2025-61830 was published on Nov 11, 2025

A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users...
High, Unreviewed: CVE-2025-11862 was published on Nov 11, 2025