Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,005 advisories

Loading
Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for... High Unreviewed
CVE-2022-46792 was published Dec 8, 2022
Drupal Two-factor Authentication (TFA) Vulnerable to Forceful Browsing High
CVE-2025-31694 was published for drupal/tfa (Composer) Apr 1, 2025
In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a... High Unreviewed
CVE-2023-40117 was published Oct 27, 2023
XWiki uses the wrong wiki reference in AuthorizationManager High
CVE-2025-29924 was published for org.xwiki.platform:xwiki-platform-security-authorization-api (Maven) Mar 19, 2025
NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an unprivileged... High Unreviewed
CVE-2025-23244 was published May 1, 2025
An attacker with local access to the system can make unauthorized modifications of the security... High Unreviewed
CVE-2021-26360 was published Jul 6, 2023
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are... High Unreviewed
CVE-2022-40773 was published Nov 12, 2022
On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP,... High Unreviewed
CVE-2025-46265 was published May 8, 2025
Moodle Incorrect Authorization vulnerability High
CVE-2020-14321 was published for moodle/moodle (Composer) Aug 17, 2022
AnonySE26
An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content... High Unreviewed
CVE-2025-26842 was published May 8, 2025
Phoenix before 1.6.14 mishandles check_origin wildcarding High
CVE-2022-42975 was published for phoenix (Erlang) Oct 17, 2022
maennchen
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly... High Unreviewed
CVE-2024-38884 was published Aug 2, 2024
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect... High Unreviewed
CVE-2025-43565 was published May 13, 2025
In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions... High Unreviewed
CVE-2024-36963 was published Jun 3, 2024
In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently... High Unreviewed
CVE-2025-1416 was published May 21, 2025
Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed... High Unreviewed
CVE-2022-3045 was published Sep 27, 2022
System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if... High Unreviewed
CVE-2025-30171 was published May 22, 2025
Device commissioning parameters in ASPECT may be modified by an external source if administrative... High Unreviewed
CVE-2024-13947 was published May 22, 2025
Rancher users who can create Projects can gain access to arbitrary projects High
CVE-2024-22031 was published for github.com/rancher/rancher (Go) Apr 25, 2025
AnonySE26
An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0... High Unreviewed
CVE-2025-25251 was published May 28, 2025
Unauthorized access vulnerability in the card management module. Successful exploitation of this... High Unreviewed
CVE-2023-49246 was published Dec 6, 2023
Liferay Portal and Liferay DXP Has Company Administrator Accounts Vulnerable to Takeovers High
CVE-2021-33335 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute... High Unreviewed
CVE-2024-22938 was published Jan 30, 2024
MantisBT Incorrect Authorization for bug_revision_view_page.php check High
CVE-2020-35849 was published for mantisbt/mantisbt (Composer) May 24, 2022
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses... High Unreviewed
CVE-2022-34908 was published Feb 27, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database