GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
717 advisories
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5. An...
High | Unreviewed | CVE-2025-31249 was published May 13, 2025

Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges...
Critical | Unreviewed | CVE-2025-29827 was published May 9, 2025

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a...
Critical | Unreviewed | CVE-2025-4104 was published May 7, 2025

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized...
High | Unreviewed | CVE-2025-3921 was published May 7, 2025

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access...
Moderate | Unreviewed | CVE-2025-3924 was published May 7, 2025

Inspektor Gadget Security Policies Can be Bypassed
Moderate | GHSA-pv22-fqcj-7xwh was published for github.com/inspektor-gadget/inspektor-gadget (Go) May 6, 2025

The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper...
Critical | Unreviewed | CVE-2025-3918 was published May 3, 2025

Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization in github.com/casdoor/casdoor
Moderate | CVE-2025-4210 was published for github.com/casdoor/casdoor (Go) May 2, 2025

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate...
Critical | Unreviewed | CVE-2025-30392 was published Apr 30, 2025

Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.
Critical | Unreviewed | CVE-2025-30390 was published Apr 30, 2025

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate...
High | Unreviewed | CVE-2025-30389 was published Apr 30, 2025

The lesscss script service allows cache clearing without programming right
Low | CVE-2025-32972 was published for org.xwiki.platform:xwiki-platform-lesscss-script (Maven) Apr 29, 2025

NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema for the report module.
High | Unreviewed | CVE-2025-32982 was published Apr 25, 2025

Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function...
Critical | Unreviewed | CVE-2025-29659 was published Apr 21, 2025

NATS Server may fail to authorize certain Jetstream admin APIs
Critical | CVE-2025-30215 was published for github.com/nats-io/nats-server/v2 (Go) Apr 15, 2025

Private Browsing tabs may be accessed without authentication. This issue is fixed in iOS 17 and...
Moderate | Unreviewed | CVE-2023-42973 was published Apr 11, 2025

Magento Improper Authorization vulnerability
Moderate | CVE-2025-27188 was published for magento/community-edition (Composer) Apr 8, 2025

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute...
High | Unreviewed | CVE-2025-29794 was published Apr 8, 2025

Graylog's Authenticated HTTP inputs ingest message even if Authorization header is missing or has wrong value
Moderate | CVE-2025-30373 was published for org.graylog2:graylog2-server (Maven) Apr 7, 2025

A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege...
Moderate | Unreviewed | CVE-2025-28131 was published Apr 1, 2025

Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges...
High | Unreviewed | CVE-2025-26683 was published Apr 1, 2025

Insecure Direct Object References (IDOR) in access control in Tracking 2.1.4 on NightWolf...
High | Unreviewed | CVE-2025-3014 was published Mar 31, 2025

Insecure Direct Object References (IDOR) in access control in Customer Portal before 2.1.4 on...
High | Unreviewed | CVE-2025-3013 was published Mar 31, 2025

Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows...
Moderate | Unreviewed | CVE-2025-2600 was published Mar 26, 2025

Improper authorization in application password policy in Devolutions Remote Desktop Manager on...
Low | Unreviewed | CVE-2025-2528 was published Mar 26, 2025