Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,519
Maven
5,000+
npm
4,156
NuGet
736
pip
3,956
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

2,263 advisories

Loading
In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can... Moderate Unreviewed
CVE-2025-59714 was published Sep 19, 2025
An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files... Moderate Unreviewed
CVE-2023-29240 was published Jul 6, 2023
Access permission verification vulnerability in the App Multiplier module Impact: Successful... Moderate Unreviewed
CVE-2024-9136 was published Sep 27, 2024
This issue was addressed with improved URL validation. This issue is fixed in Safari 26, iOS 26... Moderate Unreviewed
CVE-2025-31254 was published Sep 16, 2025
The Sparkle framework includes a helper tool Autoupdate. Due to lack of authentication of... High Unreviewed
CVE-2025-10016 was published Sep 16, 2025
The Sparkle framework includes an XPC service Downloader.xpc, by default this service is private... Moderate Unreviewed
CVE-2025-10015 was published Sep 16, 2025
This issue was addressed with improved checks to prevent unauthorized actions. This issue is... Moderate Unreviewed
CVE-2025-43307 was published Sep 16, 2025
A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of... Moderate Unreviewed
CVE-2025-9602 was published Aug 29, 2025
Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated... Moderate Unreviewed
CVE-2025-58134 was published Sep 10, 2025
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Incorrect Authorization... Moderate Unreviewed
CVE-2025-54246 was published Sep 9, 2025
In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an... High Unreviewed
CVE-2025-26436 was published Sep 5, 2025
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible incorrect... Moderate Unreviewed
CVE-2025-26442 was published Sep 5, 2025
In startSpaActivityForApp of SpaActivity.kt, there is a possible cross-user permission bypass due... High Unreviewed
CVE-2025-32333 was published Sep 4, 2025
In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without... High Unreviewed
CVE-2025-48523 was published Sep 4, 2025
NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with... High Unreviewed
CVE-2025-23256 was published Sep 5, 2025
NVIDIA ConnectX contains a vulnerability in the management interface, where an attacker with... Moderate Unreviewed
CVE-2025-23262 was published Sep 5, 2025
A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function... Moderate Unreviewed
CVE-2025-9835 was published Sep 3, 2025
Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user... High Unreviewed
CVE-2024-7697 was published Aug 12, 2024
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to... High Unreviewed
CVE-2025-55177 was published Aug 29, 2025
rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability... Low Unreviewed
CVE-2025-7974 was published Sep 2, 2025
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath... High Unreviewed
CVE-2018-14665 was published May 13, 2022
Incorrect authorization in Kibana can lead to privilege escalation via the built-in... Moderate Unreviewed
CVE-2025-25010 was published Aug 28, 2025
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for... Moderate Unreviewed
CVE-2025-9376 was published Aug 28, 2025
An authentication issue was addressed with improved state management. This issue is fixed in... High Unreviewed
CVE-2025-24206 was published Apr 29, 2025
An incorrect authorization vulnerability allowed unauthorized read access to the contents of... Moderate Unreviewed
CVE-2025-6981 was published Jul 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database