Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,121
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,779 advisories

Loading
A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of... Moderate Unreviewed
CVE-2025-9602 was published Aug 29, 2025
Improper Access Control vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP... Moderate Unreviewed
CVE-2025-43784 was published Sep 10, 2025
Authorization Bypass in Next.js Middleware Critical
CVE-2025-29927 was published for next (npm) Mar 21, 2025
cold-try
Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions Critical
CVE-2024-38002 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 22, 2024
Next.js authorization bypass vulnerability High
CVE-2024-51479 was published for next (npm) Dec 17, 2024
tyage
Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated... Moderate Unreviewed
CVE-2025-58134 was published Sep 10, 2025
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Incorrect Authorization... Moderate Unreviewed
CVE-2025-54246 was published Sep 9, 2025
In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an... High Unreviewed
CVE-2025-26436 was published Sep 5, 2025
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible incorrect... Moderate Unreviewed
CVE-2025-26442 was published Sep 5, 2025
In startSpaActivityForApp of SpaActivity.kt, there is a possible cross-user permission bypass due... High Unreviewed
CVE-2025-32333 was published Sep 4, 2025
In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without... High Unreviewed
CVE-2025-48523 was published Sep 4, 2025
NVIDIA ConnectX contains a vulnerability in the management interface, where an attacker with... Moderate Unreviewed
CVE-2025-23262 was published Sep 5, 2025
NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with... High Unreviewed
CVE-2025-23256 was published Sep 5, 2025
A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function... Moderate Unreviewed
CVE-2025-9835 was published Sep 3, 2025
Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user... High Unreviewed
CVE-2024-7697 was published Aug 12, 2024
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to... High Unreviewed
CVE-2025-55177 was published Aug 29, 2025
rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability... Low Unreviewed
CVE-2025-7974 was published Sep 2, 2025
GraphQL query operations security can be bypassed High
CVE-2025-31481 was published for api-platform/core (Composer) Apr 4, 2025
soyuka ausi
alanpoulain
Mattermost Fails to Properly Validate Team Role Modification Low
CVE-2025-53971 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Lack of Access Control Validation Low
CVE-2025-49810 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
OpenFGA Authorization Bypass Moderate
CVE-2025-55213 was published for github.com/openfga/openfga (Go) Aug 18, 2025
domharries
Capsule tenant owners with "patch namespace" permission can hijack system namespaces label Critical
CVE-2025-55205 was published for github.com/projectcapsule/capsule (Go) Aug 18, 2025
b0b0haha
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath... High Unreviewed
CVE-2018-14665 was published May 13, 2022
Incorrect authorization in Kibana can lead to privilege escalation via the built-in... Moderate Unreviewed
CVE-2025-25010 was published Aug 28, 2025
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for... Moderate Unreviewed
CVE-2025-9376 was published Aug 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database