Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,826
Erlang
36
GitHub Actions
32
Go
2,426
Maven
5,000+
npm
4,058
NuGet
723
pip
3,848
Pub
12
RubyGems
934
Rust
1,006
Swift
38
Unreviewed advisories
All unreviewed
5,000+

75 advisories

Loading
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints Critical
CVE-2024-42490 was published for goauthentik.io (Go) Aug 22, 2024
m2a2
lunary-ai/lunary allows users unauthorized access to projects Critical
CVE-2024-4146 was published for lunary (npm) Jun 8, 2024 withdrawn
vincelwt
lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members... Critical Unreviewed
CVE-2024-1741 was published Apr 10, 2024
Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common... Critical Unreviewed
CVE-2024-13241 was published Jan 9, 2025
Gradio Blocked Path ACL Bypass Vulnerability Critical
CVE-2025-23042 was published for gradio (pip) Jan 14, 2025
superboy-zjc jackfromeast
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications Critical
CVE-2024-38821 was published for org.springframework.security:spring-security-web (Maven) Oct 28, 2024
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto Critical
CVE-2024-45337 was published for golang.org/x/crypto (Go) Dec 11, 2024
ryanbekhen SuperSandro2000
Improper Authorization vulnerability in Magento and Adobe Commerce Critical
CVE-2025-24434 was published for magento/community-edition (Composer) Feb 11, 2025
ihor-sviziev
Fleet has SAML authentication vulnerability due to improper SAML response validation Critical
CVE-2025-27509 was published for github.com/fleetdm/fleet/v4 (Go) Mar 6, 2025
hakivvi lucasmrod
getvictor rh-colbymorgan jeffssh
In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control,... Critical Unreviewed
CVE-2024-9095 was published Mar 20, 2025
kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace Critical
CVE-2025-29922 was published for github.com/kcp-dev/kcp (Go) Mar 20, 2025
xmudrii
Because the web management interface for Unified Intents' Unified Remote solution does not itself... Critical Unreviewed
CVE-2022-3229 was published Feb 7, 2023
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid... Critical Unreviewed
CVE-2025-20125 was published Feb 5, 2025
An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions... Critical Unreviewed
CVE-2017-6044 was published May 13, 2022
Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function... Critical Unreviewed
CVE-2025-29659 was published Apr 21, 2025
NATS Server may fail to authorize certain Jetstream admin APIs Critical
CVE-2025-30215 was published for github.com/nats-io/nats-server/v2 (Go) Apr 15, 2025
zarqman
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate... Critical Unreviewed
CVE-2025-30392 was published Apr 30, 2025
Improper authorization in Azure allows an authorized attacker to elevate privileges over a network. Critical Unreviewed
CVE-2025-30390 was published Apr 30, 2025
The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper... Critical Unreviewed
CVE-2025-3918 was published May 3, 2025
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a... Critical Unreviewed
CVE-2025-4104 was published May 7, 2025
The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing... Critical Unreviewed
CVE-2025-4631 was published May 31, 2025
Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges... Critical Unreviewed
CVE-2025-29827 was published May 9, 2025
Improper authorization in Azure Machine Learning allows an authorized attacker to elevate... Critical Unreviewed
CVE-2025-49746 was published Jul 18, 2025
Authorization Bypass in Next.js Middleware Critical
CVE-2025-29927 was published for next (npm) Mar 21, 2025
cold-try
Azure Portal Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2025-53792 was published Aug 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database