Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,688
Erlang
34
GitHub Actions
26
Go
2,274
Maven
5,000+
npm
3,930
NuGet
706
pip
3,696
Pub
12
RubyGems
919
Rust
955
Swift
38
Unreviewed advisories
All unreviewed
5,000+

220 advisories

Loading
OpenFGA Authorization Bypass Moderate
CVE-2025-46331 was published for github.com/openfga/openfga (Go) Apr 30, 2025
avinashs433
Shopware Broken ACL on Document retrieval to access other customers documents Moderate
GHSA-68wv-g3fw-pq7q was published for shopware/core (Composer) Apr 8, 2025
Vite allows server.fs.deny to be bypassed with .svg or relative paths Moderate
CVE-2025-31486 was published for vite (npm) Apr 4, 2025
HSwift Iuhsssss
kikayli sw0rd1ight do9gy-msec Onetpaer
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query Moderate
CVE-2025-31125 was published for vite (npm) Mar 31, 2025
Iuhsssss
Vite bypasses server.fs.deny when using ?raw?? Moderate
CVE-2025-30208 was published for vite (npm) Mar 25, 2025
Ezzer17
Aim Improper Access Control Moderate
CVE-2024-8238 was published for aim (pip) Mar 20, 2025
CosmWasm Allows Bypass of Capability Restrictions in Blockchains Moderate
CVE-2025-25500 was published for cosmwasm (Rust) Mar 18, 2025
Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims Moderate
CVE-2025-1391 was published for org.keycloak:keycloak-services (Maven) Mar 10, 2025
Duplicate Advisory: Keycloak allows Incorrect Assignment of an Organization to a User Moderate
GHSA-rq4w-cjrr-h8w8 was published for org.keycloak:keycloak-services (Maven) Feb 17, 2025 withdrawn
Magento Improper Access Control vulnerability Moderate
CVE-2025-24427 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24435 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24437 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24436 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24424 was published for magento/community-edition (Composer) Feb 11, 2025
Connect-CMS Access control vulnerability Moderate
GHSA-5rjc-jc28-cwgg was published for opensource-workshop/connect-cms (Composer) Feb 7, 2025
WildFly improper RBAC permission Moderate
CVE-2025-23367 was published for org.wildfly.core:wildfly-server (Maven) Jan 31, 2025
Duplicate Advisory: Wildfly Server Role Based Access Control (RBAC) provider has Improper Access Control Moderate
GHSA-fcrw-mphx-7cxf was published for org.wildfly:wildfly-server (Maven) Jan 30, 2025 withdrawn
Moodle IDOR when accessing list of course badges Moderate
CVE-2024-48899 was published for moodle/moodle (Composer) Nov 20, 2024
Improper Access Control in janeczku/calibre-web Moderate
CVE-2021-3987 was published for calibreweb (pip) Nov 15, 2024
Access control vulnerable to user data deletion by anonynmous users Moderate
CVE-2024-51734 was published for AccessControl (pip) Nov 4, 2024
n1k9 d-maurer
perrinjerome dataflake
ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected Moderate
CVE-2024-50353 was published for ICG.AspNetCore.Utilities.CloudStorage (NuGet) Oct 30, 2024
mitchelsellers
Mattermost Server allows user to get private channel names Moderate
CVE-2024-10241 was published for github.com/mattermost/mattermost/server/v8 (Go) Oct 29, 2024
Magento Open Source Information Exposure vulnerability Moderate
CVE-2024-45133 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Access Control vulnerability Moderate
CVE-2024-45135 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Access Control vulnerability Moderate
CVE-2024-45121 was published for magento/community-edition (Composer) Oct 10, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database