GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
768 advisories
An improper authorization vulnerability exists in lunary-ai/lunary version 1.5.5. The /users/me...
Moderate | Unreviewed | CVE-2024-10274 was published Mar 20, 2025

The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main'...
High | Unreviewed | CVE-2024-4254 was published Jun 4, 2024

A vulnerability was found in FLIR AX8 up to 1.46.16. It has been rated as critical. This issue...
Moderate | Unreviewed | CVE-2024-3013 was published Mar 28, 2024

Casdoor is vulnerable to Improper Authorization
High | CVE-2025-61524 was published for github.com/casdoor/casdoor (Go) Oct 8, 2025

An improper authorization vulnerability [CWE-285] in Fortinet FortiOS version 7.4.0 through 7.4.1...
Moderate | Unreviewed | CVE-2025-54822 was published Oct 14, 2025

Improper Authentication, Missing Authentication for Critical Function, Improper Authorization...
High | Unreviewed | CVE-2024-7015 was published Sep 9, 2024

Better Auth: Unauthenticated API key creation through api-key plugin
Critical | CVE-2025-61928 was published for better-auth (npm) Oct 9, 2025

Authorization Bypass in Next.js Middleware
Critical | CVE-2025-29927 was published for next (npm) Mar 21, 2025

Hyperledger Fabric does not verify request has a timestamp within the expected time window
Moderate | CVE-2024-45244 was published for github.com/hyperledger/fabric (Go) Aug 25, 2024

Redis Enterprise Elevation of Privilege Vulnerability
High | Unreviewed | CVE-2025-59271 was published Oct 9, 2025

A vulnerability was detected in zhuimengshaonian wisdom-education up to 1.0.4. The affected...
Moderate | Unreviewed | CVE-2025-11321 was published Oct 6, 2025

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-11227 was published Oct 4, 2025

Improper authorization in the background migration endpoints of Langfuse 3.1 before d67b317...
High | Unreviewed | CVE-2025-59305 was published Sep 24, 2025

A flaw has been found in Sistemas Pleno Gestão de Locação up to 2025.7.x. The impacted element is...
Moderate | Unreviewed | CVE-2025-10947 was published Sep 25, 2025

Authorization Bypass Through User-Controlled Key, CWE - 862 - Missing Authorization, – Improper...
Moderate | Unreviewed | CVE-2025-8532 was published Sep 19, 2025

Permission verification vulnerability in the media library module
Impact: Successful exploitation...
Moderate | Unreviewed | CVE-2024-57954 was published Feb 6, 2025

Access permission verification vulnerability in the Notepad module
Impact: Successful...
Low | Unreviewed | CVE-2024-42036 was published Aug 8, 2024

Access permission verification vulnerability in the Contacts module
Impact: Successful...
Moderate | Unreviewed | CVE-2024-42032 was published Aug 8, 2024

Permission control vulnerability in the clipboard module
Impact: Successful exploitation of this...
Moderate | Unreviewed | CVE-2024-51525 was published Nov 5, 2024

Access control vulnerability in the SystemUI module
Impact: Successful exploitation of this...
Moderate | Unreviewed | CVE-2024-42039 was published Sep 4, 2024

Spring Framework annotation detection mechanism may result in improper authorization
High | CVE-2025-41249 was published for org.springframework:spring-core (Maven) Sep 16, 2025

Authorization Bypass Through User-Controlled Key, Externally Controlled Reference to a Resource...
Moderate | Unreviewed | CVE-2025-8057 was published Sep 16, 2025

In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation...
Moderate | Unreviewed | CVE-2025-6088 was published Sep 11, 2025

Next.js authorization bypass vulnerability
High | CVE-2024-51479 was published for next (npm) Dec 17, 2024

In getDestinationForApp of SpaAppBridgeActivity, there is a possible cross-user file reveal due...
High | Unreviewed | CVE-2025-26430 was published Sep 5, 2025
ProTip! Advisories are also available from the GraphQL API.