Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,785
Erlang
36
GitHub Actions
29
Go
2,368
Maven
5,000+
npm
3,989
NuGet
720
pip
3,781
Pub
12
RubyGems
926
Rust
982
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,703 advisories

Loading
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the... Low Unreviewed
CVE-2025-32462 was published Jun 30, 2025
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2025-46702 was published for github.com/mattermost/mattermost-server (Go) Jun 30, 2025
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2025-47871 was published for github.com/mattermost/mattermost-server (Go) Jun 30, 2025
The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has... Critical Unreviewed
CVE-2025-53391 was published Jun 29, 2025
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected... Low Unreviewed
CVE-2025-49549 was published Jun 26, 2025
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected... Moderate Unreviewed
CVE-2025-49550 was published Jun 26, 2025
Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege... High Unreviewed
CVE-2025-5822 was published Jun 26, 2025
Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to... High Unreviewed
CVE-2025-48466 was published Jun 26, 2025
Incus creates nftables rules that partially bypass security options High
CVE-2025-52890 was published for github.com/lxc/incus/v6 (Go) Jun 26, 2025
obp-anssi
Under certain conditions, an authenticated user request may execute with stale privileges... Moderate Unreviewed
CVE-2025-6707 was published Jun 26, 2025
An incorrect authorization vulnerability exists in multiple WSO2 products that allows... Moderate Unreviewed
CVE-2024-3511 was published Jun 23, 2025
kubernetes allows nodes to bypass dynamic resource allocation authorization checks Low
CVE-2025-4563 was published for k8s.io/kubernetes (Go) Jun 23, 2025
Yealink YMCS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts,... Moderate Unreviewed
CVE-2025-52918 was published Jun 22, 2025
Mattermost allows unauthorized channel member management through playbook runs Moderate
CVE-2025-3227 was published for github.com/mattermost/mattermost-server (Go) Jun 20, 2025
Mattermost allows an unauthorized Guest user access to Playbook Moderate
CVE-2025-3228 was published for github.com/mattermost/mattermost-server (Go) Jun 20, 2025
DNN.PLATFORM possibly allows bypass of IP Filters High
CVE-2025-52487 was published for DNN.PLATFORM (NuGet) Jun 20, 2025
valadas bdukes
mitchelsellers
The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of... High Unreviewed
CVE-2025-5071 was published Jun 19, 2025
The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-3880 was published Jun 17, 2025
Teleport allows remote authentication bypass Critical
CVE-2025-49825 was published for github.com/gravitational/teleport (Go) Jun 16, 2025
XWiki allows remote code execution through preview of XClass changes in AWM editor High
CVE-2025-49586 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 13, 2025
The WordPress Single Sign-On (SSO) plugin for WordPress is vulnerable to unauthorized access due... Moderate Unreviewed
CVE-2025-6003 was published Jun 12, 2025
Drupal Commerce Alphabank Redirect Incorrect Authorization vulnerability High
CVE-2025-48446 was published for drupal/commerce_alphabank_redirect (Composer) Jun 11, 2025
Drupal Commerce Eurobank (Redirect) Incorrect Authorization vulnerability High
CVE-2025-48445 was published for drupal/commerce_eurobank_redirect (Composer) Jun 11, 2025
Mattermost allows guest users to view information about public teams they are not members of Low
CVE-2025-4128 was published for github.com/mattermost/mattermost-server (Go) Jun 11, 2025
The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of... High Unreviewed
CVE-2024-7457 was published Jun 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database