Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,825
Erlang
36
GitHub Actions
32
Go
2,417
Maven
5,000+
npm
4,054
NuGet
723
pip
3,845
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+

337 advisories

Loading
An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer... Moderate Unreviewed
CVE-2022-42961 was published Oct 15, 2022
Graylog's Authenticated HTTP inputs ingest message even if Authorization header is missing or has wrong value Moderate
CVE-2025-30373 was published for org.graylog2:graylog2-server (Maven) Apr 7, 2025
fabsx00
Kyverno ignores subjectRegExp and IssuerRegExp Moderate
CVE-2025-29778 was published for github.com/kyverno/kyverno (Go) Mar 24, 2025
frgt10cs
A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an... Moderate Unreviewed
CVE-2022-36454 was published Oct 25, 2022
A vulnerability was found in kishor-23 Food Waste Management System 1.0. It has been declared as... Moderate Unreviewed
CVE-2024-2557 was published Mar 17, 2024
The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access... Moderate Unreviewed
CVE-2025-3924 was published May 7, 2025
Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization in github.com/casdoor/casdoor Moderate
CVE-2025-4210 was published for github.com/casdoor/casdoor (Go) May 2, 2025
Inspektor Gadget Security Policies Can be Bypassed Moderate
GHSA-pv22-fqcj-7xwh was published for github.com/inspektor-gadget/inspektor-gadget (Go) May 6, 2025
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting... Moderate Unreviewed
CVE-2022-2461 was published Sep 7, 2022
Magento Improper Authorization vulnerability Moderate
CVE-2025-27188 was published for magento/community-edition (Composer) Apr 8, 2025
Zulip Server 1.5.1 and below suffer from an error in the implementation of the... Moderate Unreviewed
CVE-2017-0896 was published May 13, 2022
Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public... Moderate Unreviewed
CVE-2017-0894 was published May 13, 2022
The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows... Moderate Unreviewed
CVE-2016-5063 was published May 14, 2022
Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an... Moderate Unreviewed
CVE-2017-0892 was published May 13, 2022
Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated... Moderate Unreviewed
CVE-2017-2686 was published May 17, 2022
The parent process would not properly check whether the Speech Synthesis feature is enabled, when... Moderate Unreviewed
CVE-2022-29913 was published Dec 22, 2022
Private Browsing tabs may be accessed without authentication. This issue is fixed in iOS 17 and... Moderate Unreviewed
CVE-2023-42973 was published Apr 11, 2025
Huawei Aslan Children's Watch has an improper authorization vulnerability. Successful exploit... Moderate Unreviewed
CVE-2022-45874 was published Dec 28, 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to... Moderate Unreviewed
CVE-2022-3740 was published Jan 26, 2023
A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege... Moderate Unreviewed
CVE-2025-28131 was published Apr 1, 2025
Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows... Moderate Unreviewed
CVE-2025-2600 was published Mar 26, 2025
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as... Moderate Unreviewed
CVE-2024-9082 was published Sep 22, 2024
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E... Moderate Unreviewed
CVE-2024-21018 was published Apr 17, 2024
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E... Moderate Unreviewed
CVE-2024-21035 was published Apr 17, 2024
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E... Moderate Unreviewed
CVE-2024-21039 was published Apr 17, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database