Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,121
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,005 advisories

Loading
tendermint-rs's Light Client Verifier allows malicious validators to spoof votes from other validators High
GHSA-6jrf-4jv4-r9mw was published for tendermint-light-client-verifier (Rust) Apr 9, 2025
felix-asym
GraphQL query operations security can be bypassed High
CVE-2025-31481 was published for api-platform/core (Composer) Apr 4, 2025
soyuka ausi
alanpoulain
This issue was addressed with improved data access restriction. This issue is fixed in visionOS 2... High Unreviewed
CVE-2025-24221 was published Apr 1, 2025
Drupal Two-factor Authentication (TFA) Vulnerable to Forceful Browsing High
CVE-2025-31694 was published for drupal/tfa (Composer) Apr 1, 2025
HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22, 24.0.x before 24.0.6, and 24.6.x before... High Unreviewed
CVE-2025-30093 was published Mar 27, 2025
An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior... High Unreviewed
CVE-2025-2242 was published Mar 27, 2025
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14... High Unreviewed
CVE-2024-44305 was published Mar 21, 2025
A vulnerability in the mintplex-labs/anything-llm repository, as of commit 5c40419, allows low... High Unreviewed
CVE-2024-10109 was published Mar 20, 2025
XWiki uses the wrong wiki reference in AuthorizationManager High
CVE-2025-29924 was published for org.xwiki.platform:xwiki-platform-security-authorization-api (Maven) Mar 19, 2025
Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows... High Unreviewed
CVE-2025-30074 was published Mar 16, 2025
This vulnerability exists in the CAP back office application due to improper authorization checks... High Unreviewed
CVE-2025-29997 was published Mar 13, 2025
An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow... High Unreviewed
CVE-2024-45328 was published Mar 11, 2025
An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows... High Unreviewed
CVE-2025-27822 was published Mar 8, 2025
Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an... High Unreviewed
CVE-2025-2003 was published Mar 5, 2025
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a... High Unreviewed
CVE-2025-0359 was published Mar 4, 2025
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a... High Unreviewed
CVE-2025-0360 was published Mar 4, 2025
Mautic allows Improper Authorization in Reporting API High
CVE-2024-47053 was published for mautic/core (Composer) Feb 26, 2025
escopecz patrykgruszka
The product performs an authorization check when an actor attempts to access a resource or... High Unreviewed
CVE-2024-5705 was published Feb 20, 2025
Instaclustr Cassandra-Lucene-Index allows bypass of Cassandra RBAC High
CVE-2025-26511 was published for com.instaclustr:cassandra-lucene-index-plugin (Maven) Feb 13, 2025
jfleming-ic
Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace... High Unreviewed
CVE-2025-0937 was published Feb 12, 2025
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are... High Unreviewed
CVE-2025-24407 was published Feb 11, 2025
Adobe Commerce Improper Authorization vulnerability High
CVE-2025-24409 was published for magento/community-edition (Composer) Feb 11, 2025
An authorization issue was addressed with improved state management. This issue is fixed in... High Unreviewed
CVE-2025-24200 was published Feb 10, 2025
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function.... High Unreviewed
CVE-2024-57433 was published Feb 1, 2025
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users... High Unreviewed
CVE-2024-57434 was published Feb 1, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database