GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 23,948
Composer 4,873
Erlang 37
GitHub Actions 36
Go 2,519
Maven 5,959
npm 4,156
NuGet 736
pip 3,956
Pub 12
RubyGems 946
Rust 1,026
Swift 39

Unreviewed advisories

All unreviewed 270,233

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

491 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege... Moderate Unreviewed

CVE-2025-28131 was published Apr 1, 2025

Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges... High Unreviewed

CVE-2025-26683 was published Apr 1, 2025

Insecure Direct Object References (IDOR) in access control in Tracking 2.1.4 on NightWolf... High Unreviewed

CVE-2025-3014 was published Mar 31, 2025

Insecure Direct Object References (IDOR) in access control in Customer Portal before 2.1.4 on... High Unreviewed

CVE-2025-3013 was published Mar 31, 2025

Improper authorization in application password policy in Devolutions Remote Desktop Manager on... Low Unreviewed

CVE-2025-2528 was published Mar 26, 2025

Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows... Moderate Unreviewed

CVE-2025-2600 was published Mar 26, 2025

In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control,... Critical Unreviewed

CVE-2024-9095 was published Mar 20, 2025

In lunary-ai/lunary before version 1.4.26, the checklists.post() endpoint allows users to create... High Unreviewed

CVE-2024-9000 was published Mar 20, 2025

In lunary-ai/lunary version 1.4.28, the /checklists/:id route allows low-privilege users to... High Unreviewed

CVE-2024-9096 was published Mar 20, 2025

A vulnerability in lunary-ai/lunary, as of commit be54057, allows users to upload and execute... High Unreviewed

CVE-2024-8764 was published Mar 20, 2025

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover... High Unreviewed

CVE-2024-12880 was published Mar 20, 2025

A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to... Moderate Unreviewed

CVE-2024-13060 was published Mar 20, 2025

An improper authorization vulnerability exists in lunary-ai/lunary version 1.5.5. The /users/me... Moderate Unreviewed

CVE-2024-10274 was published Mar 20, 2025

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and... High Unreviewed

CVE-2025-30117 was published Mar 18, 2025

Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate... High Unreviewed

CVE-2025-24053 was published Mar 13, 2025

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable... Moderate Unreviewed

CVE-2024-13552 was published Mar 7, 2025

The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet... Moderate Unreviewed

CVE-2024-13724 was published Mar 4, 2025

Information disclosure while deriving keys for a session for any Widevine use case. Moderate Unreviewed

CVE-2024-43051 was published Mar 3, 2025

A vulnerability, which was classified as problematic, has been found in SourceCodester Best... Moderate Unreviewed

CVE-2025-1607 was published Feb 24, 2025

The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information... High Unreviewed

CVE-2025-1361 was published Feb 22, 2025

The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet... Moderate Unreviewed

CVE-2024-13692 was published Feb 14, 2025

The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation... Moderate Unreviewed

CVE-2024-13821 was published Feb 12, 2025

Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are... High Unreviewed

CVE-2025-24418 was published Feb 11, 2025

Microsoft SharePoint Server Remote Code Execution Vulnerability High Unreviewed

CVE-2025-21400 was published Feb 11, 2025

Permission verification vulnerability in the media library module Impact: Successful exploitation... Moderate Unreviewed

CVE-2024-57954 was published Feb 6, 2025

Previous 1…3…20 Next

Previous 1 2 3 4 5 … 19 20 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

491 advisories