GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
635 advisories

NATS Server may fail to authorize certain Jetstream admin APIs
Severity: Critical
CVE-2025-30215 was published for github.com/nats-io/nats-server/v2 (Go) on Apr 15, 2025

Private Browsing tabs may be accessed without authentication. This issue is fixed in iOS 17 and...
Severity: Moderate (Unreviewed)
CVE-2023-42973 was published on Apr 11, 2025

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are...
Severity: Moderate (Unreviewed)
CVE-2025-27188 was published on Apr 8, 2025

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute...
Severity: High (Unreviewed)
CVE-2025-29794 was published on Apr 8, 2025

Graylog's Authenticated HTTP inputs ingest message even if Authorization header is missing or has wrong value
Severity: Moderate
CVE-2025-30373 was published for org.graylog2:graylog2-server (Maven) on Apr 7, 2025

A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege...
Severity: Moderate (Unreviewed)
CVE-2025-28131 was published on Apr 1, 2025

Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges...
Severity: High (Unreviewed)
CVE-2025-26683 was published on Apr 1, 2025

Insecure Direct Object References (IDOR) in access control in Tracking 2.1.4 on NightWolf...
Severity: High (Unreviewed)
CVE-2025-3014 was published on Mar 31, 2025

Insecure Direct Object References (IDOR) in access control in Customer Portal before 2.1.4 on...
Severity: High (Unreviewed)
CVE-2025-3013 was published on Mar 31, 2025

Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows...
Severity: Moderate (Unreviewed)
CVE-2025-2600 was published on Mar 26, 2025

Improper authorization in application password policy in Devolutions Remote Desktop Manager on...
Severity: Low (Unreviewed)
CVE-2025-2528 was published on Mar 26, 2025

Kyverno ignores subjectRegExp and IssuerRegExp
Severity: Moderate
CVE-2025-29778 was published for github.com/kyverno/kyverno (Go) on Mar 24, 2025

Authorization Bypass in Next.js Middleware
Severity: Critical
CVE-2025-29927 was published for next (npm) on Mar 21, 2025

kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace
Severity: Critical
CVE-2025-29922 was published for github.com/kcp-dev/kcp (Go) on Mar 20, 2025

LiteLLM Has an Improper Authorization Vulnerability
Severity: High
CVE-2025-0628 was published for litellm (pip) on Mar 20, 2025

In lunary-ai/lunary before version 1.4.26, the checklists.post() endpoint allows users to create...
Severity: High (Unreviewed)
CVE-2024-9000 was published on Mar 20, 2025

In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control,...
Severity: Critical (Unreviewed)
CVE-2024-9095 was published on Mar 20, 2025

In lunary-ai/lunary version 1.4.28, the /checklists/:id route allows low-privilege users to...
Severity: High (Unreviewed)
CVE-2024-9096 was published on Mar 20, 2025

A vulnerability in lunary-ai/lunary, as of commit be54057, allows users to upload and execute...
Severity: High (Unreviewed)
CVE-2024-8764 was published on Mar 20, 2025

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover...
Severity: High (Unreviewed)
CVE-2024-12880 was published on Mar 20, 2025

A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to...
Severity: Moderate (Unreviewed)
CVE-2024-13060 was published on Mar 20, 2025

An improper authorization vulnerability exists in lunary-ai/lunary version 1.5.5. The /users/me...
Severity: Moderate (Unreviewed)
CVE-2024-10274 was published on Mar 20, 2025

The WikiManager REST API allows any user to create wikis
Severity: High
CVE-2025-29926 was published for org.xwiki.platform:xwiki-platform-wiki-rest-default (Maven) on Mar 19, 2025

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and...
Severity: High (Unreviewed)
CVE-2025-30117 was published on Mar 18, 2025

TastyIgniter Has an Incorrect Access Control Vulnerability
Severity: Moderate
CVE-2024-44314 was published for tastyigniter/tastyigniter (Composer) on Mar 18, 2025