Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,266 advisories

Loading
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a... High Unreviewed
CVE-2025-33073 was published Jun 10, 2025
Incorrect access control in the web service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows... High Unreviewed
CVE-2025-45584 was published Sep 12, 2025
The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories... High Unreviewed
CVE-2025-10491 was published Sep 15, 2025
OpenSynergy BlueSDK (aka Blue SDK) through 6.x mishandles a function call. The specific flaw... High Unreviewed
CVE-2024-45432 was published Sep 12, 2025
Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0... High Unreviewed
CVE-2025-10201 was published Sep 10, 2025
An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized... High Unreviewed
CVE-2025-56405 was published Sep 10, 2025
Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate... High Unreviewed
CVE-2025-54116 was published Sep 9, 2025
Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to... High Unreviewed
CVE-2025-49692 was published Sep 9, 2025
Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges... High Unreviewed
CVE-2025-54098 was published Sep 9, 2025
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde... High Unreviewed
CVE-2014-9197 was published May 17, 2022
Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability High Unreviewed
CVE-2025-55238 was published Sep 5, 2025
Directus incorrectly handles `_in` filter High
CVE-2024-39701 was published for directus (npm) Jul 8, 2024
adelinn
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities,... High Unreviewed
CVE-2025-54599 was published Sep 2, 2025
There is an Access Control Vulnerability in some HikCentral Professional versions. This could... High Unreviewed
CVE-2025-39247 was published Aug 29, 2025
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager,... High Unreviewed
CVE-2022-36923 was published Aug 11, 2022
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function. High Unreviewed
CVE-2025-29421 was published Aug 26, 2025
Incorrect access control in the preHandle function of SpringBootBlog v1.0.0 allows attackers to... High Unreviewed
CVE-2024-53494 was published Aug 22, 2025
UnoPim has Broken Access Control High
CVE-2025-55741 was published for unopim/unopim (Composer) Aug 22, 2025
0xcharb
A discrepancy in the error message returned by the login function of Reolink Smart 2K+ Plug-in Wi... High Unreviewed
CVE-2025-55630 was published Aug 22, 2025
A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi... High Unreviewed
CVE-2023-45744 was published Apr 17, 2024
On N-central, it is possible for any authenticated user to read, write and modify syslog... High Unreviewed
CVE-2025-7051 was published Aug 21, 2025
Incorrect access control in the doFilter function of itranswarp up to 2.19 allows attackers to... High Unreviewed
CVE-2025-28041 was published Aug 20, 2025
An Improper Access Control could allow a malicious actor authenticated in the API of certain... High Unreviewed
CVE-2025-27215 was published Aug 21, 2025
Incorrect access control in the preHandle function of my-site v1.0.2 allows attackers to access... High Unreviewed
CVE-2024-57152 was published Aug 20, 2025
Incorrect access control in the preHandle function of my-site v1.0.2.RELEASE allows attackers to... High Unreviewed
CVE-2024-53495 was published Aug 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database