Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,815
Erlang
36
GitHub Actions
32
Go
2,401
Maven
5,000+
npm
4,044
NuGet
723
pip
3,830
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+

263 advisories

Loading
GitProxy New Branch Approval Exploit High
CVE-2025-54585 was published for @finos/git-proxy (npm) Jul 30, 2025
jescalada
HAX CMS API Lacks Authorization Checks High
CVE-2025-54378 was published for @haxtheweb/haxcms-nodejs (Composer) Jul 25, 2025
lfgberg
The Application is vulnerable to an Unauthenticated Arbitrary File Read. This affects the Agent... High Unreviewed
CVE-2024-26291 was published Jul 14, 2025
Juju allows arbitrary executable uploads via authenticated endpoint without authorization High
CVE-2025-0928 was published for github.com/juju/juju (Go) Jul 9, 2025
tlm wallyworld
hpidcock Fedqys
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute... High Unreviewed
CVE-2025-49701 was published Jul 8, 2025
An unauthorized user may leverage a specially crafted aggregation pipeline to access data without... High Unreviewed
CVE-2025-6713 was published Jul 7, 2025
Graylog vulnerable to privilege escalation through API tokens High
CVE-2025-53106 was published for org.graylog2:graylog2-server (Maven) Jun 30, 2025
thll
Claude Code Improper Authorization via websocket connections from arbitrary origins High
CVE-2025-52882 was published for @anthropic-ai/claude-code (npm) Jun 23, 2025
Salt vulnerable to arbitrary event injection High
CVE-2025-22239 was published for salt (pip) Jun 13, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Authorization... High Unreviewed
CVE-2025-46840 was published Jun 11, 2025
Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a... High Unreviewed
CVE-2024-43706 was published Jun 10, 2025
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected... High Unreviewed
CVE-2025-43585 was published Jun 10, 2025
The Offsprout Page Builder plugin for WordPress is vulnerable to Privilege Escalation due to... High Unreviewed
CVE-2025-4672 was published May 31, 2025
The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing... High Unreviewed
CVE-2025-4103 was published May 31, 2025
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a... High Unreviewed
CVE-2025-4474 was published May 13, 2025
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a... High Unreviewed
CVE-2025-4473 was published May 13, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5. An... High Unreviewed
CVE-2025-31249 was published May 13, 2025
The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized... High Unreviewed
CVE-2025-3921 was published May 7, 2025
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate... High Unreviewed
CVE-2025-30389 was published Apr 30, 2025
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema for the report module. High Unreviewed
CVE-2025-32982 was published Apr 25, 2025
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute... High Unreviewed
CVE-2025-29794 was published Apr 8, 2025
Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges... High Unreviewed
CVE-2025-26683 was published Apr 1, 2025
Insecure Direct Object References (IDOR) in access control in Tracking 2.1.4 on NightWolf... High Unreviewed
CVE-2025-3014 was published Mar 31, 2025
Insecure Direct Object References (IDOR) in access control in Customer Portal before 2.1.4 on... High Unreviewed
CVE-2025-3013 was published Mar 31, 2025
LiteLLM Has an Improper Authorization Vulnerability High
CVE-2025-0628 was published for litellm (pip) Mar 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database