GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,005 advisories
An authorization issue was addressed with improved state management. This issue is fixed in...
High | Unreviewed | CVE-2025-24200 was published Feb 10, 2025

Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access
High | CVE-2024-55633 was published for apache-superset (pip) Dec 12, 2024

Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are...
High | Unreviewed | CVE-2025-24407 was published Feb 11, 2025

Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled
High | CVE-2024-53949 was published for apache-superset (pip) Dec 9, 2024

The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in...
High | Unreviewed | CVE-2024-7624 was published Aug 15, 2024

Incorrect permissions in the installation directories for shared SystemLink Elixir based services...
High | Unreviewed | CVE-2024-1155 was published Feb 20, 2024

Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace...
High | Unreviewed | CVE-2025-0937 was published Feb 12, 2025

Incorrect directory permissions for the shared NI RabbitMQ service may allow a local...
High | Unreviewed | CVE-2024-1156 was published Feb 20, 2024

Broken Authentication in Atlassian Connect Express
High | CVE-2021-26073 was published for atlassian-connect-express (npm) May 24, 2022

Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
High | CVE-2024-27309 was published for org.apache.kafka:kafka-metadata (Maven) Apr 12, 2024

Apache Superset incorrect write permissions vulnerability
High | CVE-2023-49734 was published for apache-superset (pip) Dec 19, 2023

Instaclustr Cassandra-Lucene-Index allows bypass of Cassandra RBAC
High | CVE-2025-26511 was published for com.instaclustr:cassandra-lucene-index-plugin (Maven) Feb 13, 2025

Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021...
High | Unreviewed | CVE-2021-25337 was published May 24, 2022

The product performs an authorization check when an actor attempts to access a resource or...
High | Unreviewed | CVE-2024-5705 was published Feb 20, 2025

In updatePermissionTreeSourcePackage of PermissionManagerServiceImpl.java, there is a possible...
High | Unreviewed | CVE-2023-20971 was published Mar 24, 2023

In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible...
High | Unreviewed | CVE-2023-20975 was published Mar 24, 2023

Mautic allows Improper Authorization in Reporting API
High | CVE-2024-47053 was published for mautic/core (Composer) Feb 26, 2025

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker...
High | Unreviewed | CVE-2022-45636 was published Mar 21, 2023

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-28478, CVE-2021...
High | Unreviewed | CVE-2021-26418 was published May 24, 2022

Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0...
High | Unreviewed | CVE-2023-4997 was published Oct 4, 2023

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a...
High | Unreviewed | CVE-2025-0359 was published Mar 4, 2025

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a...
High | Unreviewed | CVE-2025-0360 was published Mar 4, 2025

There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0...
High | Unreviewed | CVE-2023-22891 was published Mar 8, 2023

Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an...
High | Unreviewed | CVE-2025-2003 was published Mar 5, 2025

An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows...
High | Unreviewed | CVE-2025-27822 was published Mar 8, 2025