GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,545
Composer 4,693
Erlang 34
GitHub Actions 28
Go 2,283
Maven 5,567
npm 3,934
NuGet 708
pip 3,702
Pub 12
RubyGems 919
Rust 959
Swift 38

Unreviewed advisories

All unreviewed 255,878

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

314 advisories

Filter by severity

Sort by

Least recently updated

This issue was addressed by restricting options offered on a locked device. This issue is fixed... Critical Unreviewed

CVE-2025-30436 was published May 13, 2025

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access... Critical Unreviewed

CVE-2025-43563 was published May 13, 2025

Incorrect access control in laskBlog v2.6.1 allows attackers to access all usernames via a... Critical Unreviewed

CVE-2025-28104 was published Apr 21, 2025

Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint. Critical Unreviewed

CVE-2024-48905 was published May 2, 2025

Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted... Critical Unreviewed

CVE-2025-45612 was published May 5, 2025

Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to... Critical Unreviewed

CVE-2025-45611 was published May 5, 2025

Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT allows attackers to gain... Critical Unreviewed

CVE-2025-45615 was published May 5, 2025

VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A... Critical Unreviewed

CVE-2022-31687 was published Nov 10, 2022

Carel Boss Mini 1.5.0 has Improper Access Control. Critical Unreviewed

CVE-2022-34827 was published Nov 19, 2022

There is an access control vulnerability in some ZTE PON OLT products. Due to improper access... Critical Unreviewed

CVE-2022-39070 was published Nov 22, 2022

Incorrect access control in Itel Electronics IP Stream v1.7.0.6 allows unauthorized attackers to... Critical Unreviewed

CVE-2025-28231 was published Apr 18, 2025

Incorrect access control in BW Broadcast TX600 (14980), TX300 (32990) (31448), TX150, TX1000,... Critical Unreviewed

CVE-2025-28233 was published Apr 18, 2025

Incorrect access control in Orban OPTIMOD 5950 Firmware v1.0.0.2 and System v2.2.15 allows... Critical Unreviewed

CVE-2025-28229 was published Apr 21, 2025

Incorrect access control in the HOME.php endpoint of JMBroadcast JMB0150 Firmware v1.0 allows... Critical Unreviewed

CVE-2025-28232 was published Apr 21, 2025

Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by... Critical Unreviewed

CVE-2014-3624 was published May 17, 2022

Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the ... Critical Unreviewed

CVE-2014-9148 was published May 17, 2022

An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL... Critical Unreviewed

CVE-2017-7928 was published May 13, 2022

AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites... Critical Unreviewed

CVE-2015-2692 was published May 17, 2022

MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to... Critical Unreviewed

CVE-2016-9412 was published May 17, 2022

eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When... Critical Unreviewed

CVE-2015-4594 was published May 14, 2022

The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via... Critical Unreviewed

CVE-2016-8606 was published May 17, 2022

Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt... Critical Unreviewed

CVE-2025-25948 was published Mar 3, 2025

Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 131.0... Critical Unreviewed

CVE-2025-1568 was published Apr 17, 2025

A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance... Critical Unreviewed

CVE-2025-3113 was published Apr 17, 2025

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.893 Application 20.0.2140... Critical Unreviewed

CVE-2025-27649 was published Mar 5, 2025

Previous 1 2 3 4 5 … 12 13 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

314 advisories