Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

348 advisories

Loading
Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10... Moderate Unreviewed
CVE-2023-42541 was published Nov 14, 2023
Magento Open Source allows Improper Authorization Moderate
CVE-2023-38220 was published for magento/community-edition (Composer) Oct 13, 2023
The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet... Moderate Unreviewed
CVE-2024-13724 was published Mar 4, 2025
Information disclosure while deriving keys for a session for any Widevine use case. Moderate Unreviewed
CVE-2024-43051 was published Mar 3, 2025
The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet... Moderate Unreviewed
CVE-2024-13692 was published Feb 14, 2025
A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been... Moderate Unreviewed
CVE-2024-4819 was published May 14, 2024
OpenFGA Authorization Bypass Moderate
CVE-2025-25196 was published for github.com/openfga/openfga (Go) Feb 19, 2025
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes Moderate
CVE-2023-47037 was published for apache-airflow (pip) Nov 12, 2023
r3kumar sunSUNQ
Symfony storing cookie headers in HttpCache Moderate
CVE-2022-24894 was published for symfony/http-kernel (Composer) Feb 1, 2023
nicolas-grekas shyim
The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation... Moderate Unreviewed
CVE-2024-13821 was published Feb 12, 2025
Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all... Moderate Unreviewed
CVE-2023-1167 was published Apr 5, 2023
Magento Improper Authorization vulnerability in the customers module Moderate
CVE-2021-28567 was published for magento/community-edition (Composer) May 24, 2022
Magento improper authorization vulnerability in the integrations module Moderate
CVE-2021-21026 was published for magento/community-edition (Composer) May 24, 2022
Magento Insecure Direct Object Reference (IDOR) in the product module Moderate
CVE-2021-21022 was published for magento/community-edition (Composer) May 24, 2022
Magento incorrect permissions vulnerability in the Integrations component Moderate
CVE-2020-24402 was published for magento/community-edition (Composer) May 24, 2022
Kubewarden-Controller information leak via AdmissionPolicyGroup Resource Moderate
CVE-2025-24784 was published for github.com/kubewarden/kubewarden-controller (Go) Jan 30, 2025
flavio
TShock allows chat while not fully connected, possible ban evasion Moderate
GHSA-f8mx-cwfh-7hr2 was published for tshock (NuGet) Feb 3, 2025
ohayo
A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of... Moderate Unreviewed
CVE-2023-28318 was published May 10, 2023
A vulnerability has been discovered in Rocket.Chat, where editing messages can change the... Moderate Unreviewed
CVE-2023-28317 was published May 10, 2023
An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to... Moderate Unreviewed
CVE-2023-28325 was published May 12, 2023
A vulnerability, which was classified as critical, has been found in SourceCodester Computer... Moderate Unreviewed
CVE-2024-3139 was published Apr 2, 2024
Incorrect permission check in Jenkins GitLab Plugin allows enumerating credentials IDs Moderate
CVE-2025-24397 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Jan 22, 2025
Gradio's CORS origin validation accepts the null origin Moderate
CVE-2024-47165 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical.... Moderate Unreviewed
CVE-2025-0580 was published Jan 20, 2025
CVE-2024-5138: snapd snapctl auth bypass Moderate
CVE-2024-5138 was published for github.com/snapcore/snapd (Go) Jan 16, 2025
rmcnamara-snyk
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database