GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,715
Erlang
34
GitHub Actions
28
Go
2,302
Maven
5,000+
npm
3,946
NuGet
711
pip
3,716
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+
413 advisories
Filter by severity
The femanager TYPO3 extension allows Insecure Direct Object Reference
Moderate
CVE-2025-48202
was published
for
in2code/femanager
(Composer)
May 21, 2025
Reflex vulnerable to private state fields modification
High
CVE-2025-47425
was published
for
reflex
(pip)
May 15, 2025
Jenkins OpenID Connect Provider Plugin Incorrectly Validates Crafted Build ID Tokens
Critical
CVE-2025-47884
was published
for
io.jenkins.plugins:oidc-provider
(Maven)
May 14, 2025
goshs route not protected, allows command execution
Critical
CVE-2025-46816
was published
for
github.com/patrickhener/goshs
(Go)
May 6, 2025
BRCC Incorrect Access Control vulnerability
Critical
CVE-2025-45616
was published
for
com.baidu.mapp:brcc-core
(Maven)
May 5, 2025
OpenFGA Authorization Bypass
Moderate
CVE-2025-46331
was published
for
github.com/openfga/openfga
(Go)
Apr 30, 2025
Shopware Broken ACL on Document retrieval to access other customers documents
Moderate
GHSA-68wv-g3fw-pq7q
was published
for
shopware/core
(Composer)
Apr 8, 2025
Vite allows server.fs.deny to be bypassed with .svg or relative paths
Moderate
CVE-2025-31486
was published
for
vite
(npm)
Apr 4, 2025
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
Moderate
CVE-2025-31125
was published
for
vite
(npm)
Mar 31, 2025
Vite bypasses server.fs.deny when using ?raw??
Moderate
CVE-2025-30208
was published
for
vite
(npm)
Mar 25, 2025
OpenDaylight SFC Allows Unauthorized Privileged Execution via Crafted Request
Critical
CVE-2025-29315
was published
for
org.opendaylight.sfc:sfc-parent
(Maven)
Mar 24, 2025
PipeCD Vulnerable to Privilege Escalation
High
CVE-2024-53351
was published
for
github.com/pipe-cd/pipecd
(Go)
Mar 21, 2025
TastyIgniter Has an Incorrect Access Control Vulnerability via `invoice()` Function
High
CVE-2024-44313
was published
for
tastyigniter/tastyigniter
(Composer)
Mar 18, 2025
CosmWasm Allows Bypass of Capability Restrictions in Blockchains
Moderate
CVE-2025-25500
was published
for
cosmwasm
(Rust)
Mar 18, 2025
Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims
Moderate
CVE-2025-1391
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 10, 2025
Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login
High
CVE-2025-23389
was published
for
github.com/rancher/rancher
(Go)
Feb 27, 2025
Duplicate Advisory: Keycloak allows Incorrect Assignment of an Organization to a User
Moderate
GHSA-rq4w-cjrr-h8w8
was published
for
org.keycloak:keycloak-services
(Maven)
Feb 17, 2025
•
withdrawn
Magento Improper Access Control vulnerability
Moderate
CVE-2025-24437
was published
for
magento/community-edition
(Composer)
Feb 11, 2025
Magento Improper Access Control vulnerability
Moderate
CVE-2025-24436
was published
for
magento/community-edition
(Composer)
Feb 11, 2025
Magento Improper Access Control vulnerability
Moderate
CVE-2025-24435
was published
for
magento/community-edition
(Composer)
Feb 11, 2025
Magento Improper Access Control vulnerability
Low
CVE-2025-24429
was published
for
magento/community-edition
(Composer)
Feb 11, 2025
Magento Improper Access Control vulnerability
Moderate
CVE-2025-24427
was published
for
magento/community-edition
(Composer)
Feb 11, 2025
Magento Improper Access Control vulnerability
High
CVE-2025-24411
was published
for
magento/community-edition
(Composer)
Feb 11, 2025
Magento Improper Access Control vulnerability
Moderate
CVE-2025-24424
was published
for
magento/community-edition
(Composer)
Feb 11, 2025
ProTip!
Advisories are also available from the
GraphQL API