Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,801
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,005
NuGet
720
pip
3,809
Pub
12
RubyGems
928
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,261 advisories

Loading
Moodle allows IDOR when accessing the cohorts report Moderate
CVE-2025-3647 was published for moodle/moodle (Composer) Apr 25, 2025
Moodle's AJAX section delete does not respect course_can_delete_section() Moderate
CVE-2025-3644 was published for moodle/moodle (Composer) Apr 25, 2025
OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations.... Moderate Unreviewed
CVE-2025-27370 was published Mar 3, 2025
In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0... Moderate Unreviewed
CVE-2025-27371 was published Mar 3, 2025
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-3861 was published Apr 25, 2025
In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new... Moderate Unreviewed
CVE-2025-46544 was published Apr 25, 2025
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2025-27571 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
kbsteere
Mattermost Fails to Restrict Certain Operations on System Admins Moderate
CVE-2025-32093 was published for github.com/mattermost/mattermost-server (Go) Apr 14, 2025
An access issue was addressed with additional sandbox restrictions on third-party apps. This... Moderate Unreviewed
CVE-2022-32945 was published Dec 15, 2022
Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux... Moderate Unreviewed
CVE-2024-12862 was published Apr 21, 2025
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs).... Moderate Unreviewed
CVE-2017-10379 was published May 14, 2022
Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public... Moderate Unreviewed
CVE-2017-0894 was published May 13, 2022
An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS... Moderate Unreviewed
CVE-2017-6590 was published May 13, 2022
An error in the implementation of an autosubscribe feature in the check_stream_exists route of... Moderate Unreviewed
CVE-2017-0881 was published May 13, 2022
In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by... Moderate Unreviewed
CVE-2017-6816 was published May 13, 2022
In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to... Moderate Unreviewed
CVE-2022-20572 was published Dec 21, 2022
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated... Moderate Unreviewed
CVE-2024-49808 was published Apr 18, 2025
juzawebCMS Incorrect Access Control vulnerability Moderate
CVE-2023-46906 was published for juzaweb/cms (Composer) Jan 9, 2024
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2... Moderate Unreviewed
CVE-2022-46400 was published Dec 20, 2022
The Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products –... Moderate Unreviewed
CVE-2025-3453 was published Apr 17, 2025
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite ... Moderate Unreviewed
CVE-2025-21582 was published Apr 15, 2025
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2025-2564 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution Moderate
CVE-2022-31683 was published for github.com/concourse/concourse (Go) Oct 19, 2022
rickramgattie tdunlap607
If a user installed an extension of a particular type, the extension could have auto-updated... Moderate Unreviewed
CVE-2022-22754 was published Dec 22, 2022
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as... Moderate Unreviewed
CVE-2022-31744 was published Dec 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database