Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,801
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,010
NuGet
720
pip
3,810
Pub
12
RubyGems
930
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,716 advisories

Loading
Mattermost Fails to Validate Team Invite Permissions Moderate
CVE-2025-3446 was published for github.com/mattermost/mattermost/server/v8 (Go) May 15, 2025
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect... High Unreviewed
CVE-2025-43565 was published May 13, 2025
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect... Critical Unreviewed
CVE-2025-43561 was published May 13, 2025
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access... Critical Unreviewed
CVE-2025-43564 was published May 13, 2025
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5... Moderate Unreviewed
CVE-2025-31227 was published May 13, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS... Moderate Unreviewed
CVE-2025-30440 was published May 13, 2025
Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges... Critical Unreviewed
CVE-2025-29827 was published May 9, 2025
An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content... High Unreviewed
CVE-2025-26842 was published May 8, 2025
On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP,... High Unreviewed
CVE-2025-46265 was published May 8, 2025
On an F5OS system, if the root user had previously configured the system to allow login via SSH... Critical Unreviewed
CVE-2025-36546 was published May 8, 2025
Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager.  The vulnerability... Moderate Unreviewed
CVE-2025-3272 was published May 7, 2025
Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability... Critical Unreviewed
CVE-2025-3476 was published May 7, 2025
The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all... Moderate Unreviewed
CVE-2025-3609 was published May 6, 2025
Hashicorp Vault Community vulnerable to Incorrect Authorization Moderate
CVE-2025-3879 was published for github.com/hashicorp/vault (Go) May 2, 2025
NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an unprivileged... High Unreviewed
CVE-2025-23244 was published May 1, 2025
OpenFGA Authorization Bypass Moderate
CVE-2025-46331 was published for github.com/openfga/openfga (Go) Apr 30, 2025
avinashs433
Bookgy does not provide for proper authorisation control in multiple areas of the application.... Critical Unreviewed
CVE-2025-40619 was published Apr 29, 2025
Solr script service doesn't take dropped programming right into account Low
CVE-2025-32971 was published for org.xwiki.platform:xwiki-platform-search-solr-api (Maven) Apr 29, 2025
An authentication issue was addressed with improved state management. This issue is fixed in... High Unreviewed
CVE-2025-24206 was published Apr 29, 2025
Moodle allows IDOR when accessing the cohorts report Moderate
CVE-2025-3647 was published for moodle/moodle (Composer) Apr 25, 2025
Moodle's AJAX section delete does not respect course_can_delete_section() Moderate
CVE-2025-3644 was published for moodle/moodle (Composer) Apr 25, 2025
Moodle has an IDOR in messaging web service which allows access to some user details Moderate
CVE-2025-3645 was published for moodle/moodle (Composer) Apr 25, 2025
AnonySE26
Rancher users who can create Projects can gain access to arbitrary projects High
CVE-2024-22031 was published for github.com/rancher/rancher (Go) Apr 25, 2025
AnonySE26
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-3861 was published Apr 25, 2025
In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new... Moderate Unreviewed
CVE-2025-46544 was published Apr 25, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database