Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,634
Maven
5,000+
npm
4,258
NuGet
760
pip
4,051
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,336 advisories

Loading
Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager.  The vulnerability... Moderate Unreviewed
CVE-2025-3272 was published May 7, 2025
The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all... Moderate Unreviewed
CVE-2025-3609 was published May 6, 2025
Hashicorp Vault Community vulnerable to Incorrect Authorization Moderate
CVE-2025-3879 was published for github.com/hashicorp/vault (Go) May 2, 2025
OpenFGA Authorization Bypass Moderate
CVE-2025-46331 was published for github.com/openfga/openfga (Go) Apr 30, 2025
avinashs433
Credited to avinashs433
Moodle allows IDOR when accessing the cohorts report Moderate
CVE-2025-3647 was published for moodle/moodle (Composer) Apr 25, 2025
Moodle's AJAX section delete does not respect course_can_delete_section() Moderate
CVE-2025-3644 was published for moodle/moodle (Composer) Apr 25, 2025
Moodle has an IDOR in messaging web service which allows access to some user details Moderate
CVE-2025-3645 was published for moodle/moodle (Composer) Apr 25, 2025
AnonySE26
Credited to AnonySE26
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-3861 was published Apr 25, 2025
In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new... Moderate Unreviewed
CVE-2025-46544 was published Apr 25, 2025
A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive... Moderate Unreviewed
CVE-2024-10306 was published Apr 23, 2025
Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux... Moderate Unreviewed
CVE-2024-12862 was published Apr 21, 2025
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create... Moderate Unreviewed
CVE-2025-43921 was published Apr 20, 2025
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated... Moderate Unreviewed
CVE-2024-49808 was published Apr 18, 2025
The Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products –... Moderate Unreviewed
CVE-2025-3453 was published Apr 17, 2025
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2025-2564 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2025-27571 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
kbsteere
Credited to kbsteere
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite ... Moderate Unreviewed
CVE-2025-21582 was published Apr 15, 2025
Mattermost Fails to Restrict Certain Operations on System Admins Moderate
CVE-2025-32093 was published for github.com/mattermost/mattermost-server (Go) Apr 14, 2025
Magento Improper Authorization vulnerability Moderate
CVE-2025-27188 was published for magento/community-edition (Composer) Apr 8, 2025
SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions... Moderate Unreviewed
CVE-2025-31331 was published Apr 8, 2025
Drupal Core Vulnerable to Forceful Browsing Moderate
CVE-2025-31673 was published for drupal/core (Composer) Apr 1, 2025
An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" incorrectly have... Moderate Unreviewed
CVE-2024-55965 was published Mar 26, 2025
Pixelfed may allow unauthorized actor to view private posts and private users Moderate
CVE-2025-30741 was published for pixelfed/pixelfed (Composer) Mar 25, 2025
Mattermost Fails to Enforce Certain Search APIs Moderate
CVE-2025-30179 was published for github.com/mattermost/mattermost/server/v8 (Go) Mar 21, 2025
Mattermost allows members with permission to convert public channels to private and convert private to public Moderate
CVE-2025-27933 was published for github.com/mattermost/mattermost-server (Go) Mar 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database