Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

325 advisories

Loading
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment... Critical Unreviewed
CVE-2022-48283 was published Feb 27, 2023
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment... Critical Unreviewed
CVE-2022-48284 was published Feb 27, 2023
IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations Critical
CVE-2025-27507 was published for github.com/zitadel/zitadel (Go) Mar 4, 2025
amit-laish livio-a
fforootd adlerhurst
Improper Authorization vulnerability in Magento and Adobe Commerce Critical
CVE-2025-24434 was published for magento/community-edition (Composer) Feb 11, 2025
ihor-sviziev
Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and StationScout 1.30 through 2... Critical Unreviewed
CVE-2023-28611 was published Mar 23, 2023
Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before... Critical Unreviewed
CVE-2022-25899 was published Aug 19, 2022
Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress. Critical Unreviewed
CVE-2022-41155 was published Nov 19, 2022
An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack... Critical Unreviewed
CVE-2023-26829 was published Mar 31, 2023
Apache Submarine Server Core Incorrect Authorization vulnerability Critical
CVE-2024-36265 was published for apache-submarine (Maven) Jun 12, 2024
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this... Critical Unreviewed
CVE-2020-2506 was published May 24, 2022
The issue was addressed by removing the relevant flags. This issue is fixed in watchOS 11.2, iOS... Critical Unreviewed
CVE-2024-54512 was published Jan 28, 2025
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile... Critical Unreviewed
CVE-2025-21556 was published Jan 21, 2025
An issue in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK v11.1.0 allows attackers to bypass... Critical Unreviewed
CVE-2024-53553 was published Jan 17, 2025
Improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products... Critical Unreviewed
CVE-2023-27388 was published May 23, 2023
The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a... Critical Unreviewed
CVE-2023-23304 was published May 23, 2023
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business... Critical Unreviewed
CVE-2022-26143 was published Mar 11, 2022
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360... Critical Unreviewed
CVE-2022-29081 was published Apr 29, 2022
Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue... Critical Unreviewed
CVE-2024-13281 was published Jan 9, 2025
Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows... Critical Unreviewed
CVE-2024-13258 was published Jan 9, 2025
Incorrect Authorization vulnerability in Drupal Advanced PWA inc Push Notifications allows... Critical Unreviewed
CVE-2024-13253 was published Jan 9, 2025
Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing.This issue... Critical Unreviewed
CVE-2024-13277 was published Jan 9, 2025
Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse.This issue... Critical Unreviewed
CVE-2024-13278 was published Jan 9, 2025
lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members... Critical Unreviewed
CVE-2024-1741 was published Apr 10, 2024
An issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows attackers on the same network... Critical Unreviewed
CVE-2023-27716 was published Jun 12, 2023
Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method. Critical Unreviewed
CVE-2023-32220 was published Jun 12, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database