Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,688
Erlang
34
GitHub Actions
26
Go
2,274
Maven
5,000+
npm
3,930
NuGet
706
pip
3,696
Pub
12
RubyGems
919
Rust
955
Swift
38
Unreviewed advisories
All unreviewed
5,000+

220 advisories

Loading
WildFly improper RBAC permission Moderate
CVE-2025-23367 was published for org.wildfly.core:wildfly-server (Maven) Jan 31, 2025
OpenFGA Authorization Bypass Moderate
CVE-2025-46331 was published for github.com/openfga/openfga (Go) Apr 30, 2025
avinashs433
Missing permissions check in Liferay Portal Moderate
CVE-2022-42126 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
Vite allows server.fs.deny to be bypassed with .svg or relative paths Moderate
CVE-2025-31486 was published for vite (npm) Apr 4, 2025
HSwift Iuhsssss
kikayli sw0rd1ight do9gy-msec Onetpaer
TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz) Moderate
CVE-2022-47407 was published for fixpunkt/fp-masterquiz (Composer) Dec 14, 2022
MarkLee131
Magento Improper Access Control vulnerability Moderate
CVE-2025-24436 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24437 was published for magento/community-edition (Composer) Feb 11, 2025
Moodle does not use the forceloginforprofiles setting for course-profiles access control Moderate
CVE-2011-4279 was published for moodle/moodle (Composer) May 13, 2022
Joomla! allows attackers to access cached pages Moderate
CVE-2008-3226 was published for joomla/joomla-platform (Composer) May 1, 2022
Roundup Improper Access Control Moderate
CVE-2009-2737 was published for Roundup (pip) May 2, 2022
anonymous4ACL24
Shopware Broken ACL on Document retrieval to access other customers documents Moderate
GHSA-68wv-g3fw-pq7q was published for shopware/core (Composer) Apr 8, 2025
Exposure of system-scoped Kubernetes credentials in Jenkins Kubernetes Credentials Provider Plugin Moderate
CVE-2023-24425 was published for com.cloudbees.jenkins.plugins:kubernetes-credentials-provider (Maven) Jan 26, 2023
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query Moderate
CVE-2025-31125 was published for vite (npm) Mar 31, 2025
Iuhsssss
Privilege escalation in Liferay Portal Moderate
CVE-2022-45320 was published for com.liferay.portal:release.portal.bom (Maven) Feb 20, 2024
Vite bypasses server.fs.deny when using ?raw?? Moderate
CVE-2025-30208 was published for vite (npm) Mar 25, 2025
Ezzer17
CosmWasm Allows Bypass of Capability Restrictions in Blockchains Moderate
CVE-2025-25500 was published for cosmwasm (Rust) Mar 18, 2025
Aim Improper Access Control Moderate
CVE-2024-8238 was published for aim (pip) Mar 20, 2025
Jenkins Exclusion Plugin allows Access to Resource Locks Moderate
CVE-2013-6373 was published for org.jenkins-ci.plugins:exclusion (Maven) May 17, 2022
Jenkins Monitoring Plugin Reveals Sensitive Information via Unspecified Pages Moderate
CVE-2014-3679 was published for org.jvnet.hudson.plugins:monitoring (Maven) May 17, 2022
Jenkins allows Bypass of Access Restrictions Moderate
CVE-2015-5325 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins allows Remote Users to Build Arbitrary Jobs Moderate
CVE-2013-0330 was published for org.jenkins-ci.main:jenkins-core (Maven) May 5, 2022
Duplicate Advisory: Keycloak allows Incorrect Assignment of an Organization to a User Moderate
GHSA-rq4w-cjrr-h8w8 was published for org.keycloak:keycloak-services (Maven) Feb 17, 2025 withdrawn
Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims Moderate
CVE-2025-1391 was published for org.keycloak:keycloak-services (Maven) Mar 10, 2025
Magento Open Source allows Improper Access Control Moderate
CVE-2022-35689 was published for magento/community-edition (Composer) Oct 15, 2022
Magento Open Source allows Improper Access Control Moderate
CVE-2023-22250 was published for magento/community-edition (Composer) Mar 27, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database