Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,822
Erlang
36
GitHub Actions
32
Go
2,413
Maven
5,000+
npm
4,052
NuGet
723
pip
3,844
Pub
12
RubyGems
933
Rust
1,005
Swift
38
Unreviewed advisories
All unreviewed
5,000+

337 advisories

Loading
TastyIgniter Has an Incorrect Access Control Vulnerability Moderate
CVE-2024-44314 was published for tastyigniter/tastyigniter (Composer) Mar 18, 2025
Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content Moderate
CVE-2025-27602 was published for Umbraco.Cms.Web.Backoffice (NuGet) Mar 11, 2025
hazemeldoc
Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality Moderate
CVE-2025-27601 was published for Umbraco.Cms.Api.Management (NuGet) Mar 11, 2025
The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2024-13552 was published Mar 7, 2025
The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet... Moderate Unreviewed
CVE-2024-13724 was published Mar 4, 2025
Information disclosure while deriving keys for a session for any Widevine use case. Moderate Unreviewed
CVE-2024-43051 was published Mar 3, 2025
A vulnerability, which was classified as problematic, has been found in SourceCodester Best... Moderate Unreviewed
CVE-2025-1607 was published Feb 24, 2025
OpenFGA Authorization Bypass Moderate
CVE-2025-25196 was published for github.com/openfga/openfga (Go) Feb 19, 2025
The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet... Moderate Unreviewed
CVE-2024-13692 was published Feb 14, 2025
The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation... Moderate Unreviewed
CVE-2024-13821 was published Feb 12, 2025
TShock allows chat while not fully connected, possible ban evasion Moderate
GHSA-f8mx-cwfh-7hr2 was published for tshock (NuGet) Feb 3, 2025
ohayo
Kubewarden-Controller information leak via AdmissionPolicyGroup Resource Moderate
CVE-2025-24784 was published for github.com/kubewarden/kubewarden-controller (Go) Jan 30, 2025
flavio
Incorrect permission check in Jenkins GitLab Plugin allows enumerating credentials IDs Moderate
CVE-2025-24397 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Jan 22, 2025
A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical.... Moderate Unreviewed
CVE-2025-0580 was published Jan 20, 2025
CVE-2024-5138: snapd snapctl auth bypass Moderate
CVE-2024-5138 was published for github.com/snapcore/snapd (Go) Jan 16, 2025
rmcnamara-snyk
OpenFGA Authorization Bypass Moderate
CVE-2024-56323 was published for github.com/openfga/openfga (Go) Jan 13, 2025
miparnisari
TeamPass does not properly check whether a folder is in a user's allowed folders list Moderate
CVE-2024-50701 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
TeamPass mail_me operation authorization issue Moderate
CVE-2024-50702 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
The Download Manager plugin for WordPress is vulnerable to unauthorized download of password... Moderate Unreviewed
CVE-2024-11768 was published Dec 19, 2024
A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This... Moderate Unreviewed
CVE-2024-12483 was published Dec 12, 2024
kcp's impersonation allows access to global administrative groups Moderate
GHSA-c7xh-gjv4-4jgv was published for github.com/kcp-dev/kcp (Go) Dec 11, 2024
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization... Moderate Unreviewed
CVE-2024-43729 was published Dec 11, 2024
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization... Moderate Unreviewed
CVE-2024-43731 was published Dec 11, 2024
CRI-O: Maliciously structured checkpoint file can gain arbitrary node access Moderate
CVE-2024-8676 was published for github.com/cri-o/cri-o (Go) Nov 26, 2024
Moodle Lesson activity password bypass through PHP loose comparison Moderate
CVE-2024-45691 was published for moodle/moodle (Composer) Nov 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database