Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,519
Maven
5,000+
npm
4,156
NuGet
736
pip
3,956
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,791 advisories

Loading
In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can... Moderate Unreviewed
CVE-2025-59714 was published Sep 19, 2025
The Sparkle framework includes a helper tool Autoupdate. Due to lack of authentication of... High Unreviewed
CVE-2025-10016 was published Sep 16, 2025
Spring Security annotation detection mechanism has authorization bypass High
CVE-2025-41248 was published for org.springframework.security:spring-security-core (Maven) Sep 16, 2025
Spring Framework annotation detection mechanism may result in improper authorization High
CVE-2025-41249 was published for org.springframework:spring-core (Maven) Sep 16, 2025
The Sparkle framework includes an XPC service Downloader.xpc, by default this service is private... Moderate Unreviewed
CVE-2025-10015 was published Sep 16, 2025
This issue was addressed with improved checks to prevent unauthorized actions. This issue is... Moderate Unreviewed
CVE-2025-43307 was published Sep 16, 2025
This issue was addressed with improved URL validation. This issue is fixed in Safari 26, iOS 26... Moderate Unreviewed
CVE-2025-31254 was published Sep 16, 2025
Before action, Ash's hooks may execute in certain scenarios despite a request being forbidden High
CVE-2025-48042 was published for ash (Erlang) Sep 15, 2025
zachdaniel maennchen
Liferay Portal JSON Web Services Direct Class Invocation Enables Service Access Policy Execution Low
CVE-2025-43789 was published for com.liferay:com.liferay.comment.web (Maven) Sep 12, 2025
SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions Moderate
GHSA-7vm2-j586-vcvc was published for SurrealDB (Rust) Sep 11, 2025
kearfy
Liferay Portal's Incorrect Authorization vulnerability can lead to guest users to obtaining sensitive data Moderate
CVE-2025-43784 was published for com.liferay:com.liferay.headless.builder.impl (Maven) Sep 10, 2025
Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated... Moderate Unreviewed
CVE-2025-58134 was published Sep 10, 2025
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Incorrect Authorization... Moderate Unreviewed
CVE-2025-54246 was published Sep 9, 2025
In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an... High Unreviewed
CVE-2025-26436 was published Sep 5, 2025
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible incorrect... Moderate Unreviewed
CVE-2025-26442 was published Sep 5, 2025
NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with... High Unreviewed
CVE-2025-23256 was published Sep 5, 2025
NVIDIA ConnectX contains a vulnerability in the management interface, where an attacker with... Moderate Unreviewed
CVE-2025-23262 was published Sep 5, 2025
In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without... High Unreviewed
CVE-2025-48523 was published Sep 4, 2025
In startSpaActivityForApp of SpaActivity.kt, there is a possible cross-user permission bypass due... High Unreviewed
CVE-2025-32333 was published Sep 4, 2025
A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function... Moderate Unreviewed
CVE-2025-9835 was published Sep 3, 2025
rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability... Low Unreviewed
CVE-2025-7974 was published Sep 2, 2025
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to... High Unreviewed
CVE-2025-55177 was published Aug 29, 2025
A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of... Moderate Unreviewed
CVE-2025-9602 was published Aug 29, 2025
Incorrect authorization in Kibana can lead to privilege escalation via the built-in... Moderate Unreviewed
CVE-2025-25010 was published Aug 28, 2025
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for... Moderate Unreviewed
CVE-2025-9376 was published Aug 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database