GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,610 advisories
Magento Improper Authorization vulnerability
Moderate | CVE-2025-27188 was published for magento/community-edition (Composer) | Apr 8, 2025
Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from...
Moderate | Unreviewed | CVE-2022-3413 was published | Nov 10, 2022
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are...
High | Unreviewed | CVE-2022-40773 was published | Nov 12, 2022
An attacker with local access to the system can make unauthorized modifications of the security...
High | Unreviewed | CVE-2021-26360 was published | Jul 6, 2023
NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an unprivileged...
High | Unreviewed | CVE-2025-23244 was published | May 1, 2025
OpenFGA Authorization Bypass
Moderate | CVE-2025-46331 was published for github.com/openfga/openfga (Go) | Apr 30, 2025
XWiki uses the wrong wiki reference in AuthorizationManager
High | CVE-2025-29924 was published for org.xwiki.platform:xwiki-platform-security-authorization-api (Maven) | Mar 19, 2025
XWiki allows remote code execution through the extension sheet
Critical | CVE-2024-55662 was published for org.xwiki.platform:xwiki-platform-repository-server-ui (Maven) | Dec 12, 2024
In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating...
Moderate | Unreviewed | CVE-2021-25920 was published | May 24, 2022
Solr script service doesn't take dropped programming right into account
Low | CVE-2025-32971 was published for org.xwiki.platform:xwiki-platform-search-solr-api (Maven) | Apr 29, 2025
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of...
Moderate | Unreviewed | CVE-2024-20291 was published | Feb 29, 2024
Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the...
Low | Unreviewed | CVE-2022-42903 was published | Nov 18, 2022
Carel Boss Mini 1.5.0 has Improper Access Control.
Critical | Unreviewed | CVE-2022-34827 was published | Nov 19, 2022
In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a...
High | Unreviewed | CVE-2023-40117 was published | Oct 27, 2023
Drupal Two-factor Authentication (TFA) Vulnerable to Forceful Browsing
High | CVE-2025-31694 was published for drupal/tfa (Composer) | Apr 1, 2025
Drupal Core Vulnerable to Forceful Browsing
Moderate | CVE-2025-31673 was published for drupal/core (Composer) | Apr 1, 2025
The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated...
Critical | Unreviewed | CVE-2022-41326 was published | Nov 22, 2022
Bookgy does not provide for proper authorisation control in multiple areas of the application....
Critical | Unreviewed | CVE-2025-40619 was published | Apr 29, 2025
An authentication issue was addressed with improved state management. This issue is fixed in...
High | Unreviewed | CVE-2025-24206 was published | Apr 29, 2025
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create...
Moderate | Unreviewed | CVE-2025-43921 was published | Apr 20, 2025
oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid...
Critical | Unreviewed | CVE-2024-56431 was published | Dec 25, 2024
Moodle allows IDOR when accessing the cohorts report
Moderate | CVE-2025-3647 was published for moodle/moodle (Composer) | Apr 25, 2025
Moodle has an IDOR in messaging web service which allows access to some user details
Moderate | CVE-2025-3645 was published for moodle/moodle (Composer) | Apr 25, 2025
Moodle's AJAX section delete does not respect course_can_delete_section()
Moderate | CVE-2025-3644 was published for moodle/moodle (Composer) | Apr 25, 2025
OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations....
Moderate | Unreviewed | CVE-2025-27370 was published | Mar 3, 2025
ProTip! Advisories are also available from the GraphQL API.