GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,857 advisories
Magento allows incorrect authorization
Moderate | CVE-2025-54265 was published for magento/community-edition (Composer) | Oct 14, 2025

The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this...
Critical | Unreviewed | CVE-2022-37002 was published | Aug 11, 2022

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote...
Moderate | Unreviewed | CVE-2025-62648 was published | Oct 17, 2025

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the...
Moderate | Unreviewed | CVE-2025-62647 was published | Oct 17, 2025

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not...
Moderate | Unreviewed | CVE-2025-62651 was published | Oct 17, 2025

Ash has authorization bypass when bypass policy condition evaluates to true
High | CVE-2025-48044 was published for ash (Erlang) | Oct 17, 2025

An Incorrect Authorization vulnerability has been identified in Moxa’s network security...
High | Unreviewed | CVE-2025-6892 was published | Oct 17, 2025

Mattermost has an Incorrect Authorization vulnerability
Low | CVE-2025-10545 was published for github.com/mattermost/mattermost-server (Go) | Oct 16, 2025

Mautic allows Improper Authorization in Reporting API
High | CVE-2024-47053 was published for mautic/core (Composer) | Feb 26, 2025

An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to...
Moderate | Unreviewed | CVE-2025-9955 was published | Oct 16, 2025

Due to an insufficient access control implementation in multiple WSO2 Products, authentication...
Critical | Unreviewed | CVE-2025-10611 was published | Oct 16, 2025

Incorrect Authorization vulnerability in the protocol communication between the WatchGuard...
Critical | Unreviewed | CVE-2024-6592 was published | Sep 25, 2024

Open WebUI Allows Admin Deletion via API Endpoint
High | CVE-2024-7039 was published for open-webui (pip) | Mar 20, 2025

In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where...
High | Unreviewed | CVE-2024-9098 was published | Mar 20, 2025

In lunary-ai/lunary v1.5.0, improper privilege management in the models.ts file allows users with...
Moderate | Unreviewed | CVE-2024-10273 was published | Mar 20, 2025

In version 1.5.5 of lunary-ai/lunary, a vulnerability exists where admins, who do not have direct...
High | Unreviewed | CVE-2024-10275 was published | Mar 20, 2025

In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API...
Moderate | Unreviewed | CVE-2024-7048 was published | Oct 10, 2024

In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a...
Moderate | Unreviewed | CVE-2024-3404 was published | Jun 6, 2024

In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with...
High | Unreviewed | CVE-2024-5714 was published | Jun 27, 2024

In version 1.2.7 of lunary-ai/lunary, any authenticated user, regardless of their role, can...
Moderate | Unreviewed | CVE-2024-6086 was published | Jun 27, 2024

An improper access control vulnerability exists in lunary-ai/lunary versions up to and including...
High | Unreviewed | CVE-2024-3504 was published | Jun 6, 2024

An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including...
High | Unreviewed | CVE-2024-5130 was published | Jun 6, 2024

Bookgy does not provide for proper authorisation control in multiple areas of the application....
Critical | Unreviewed | CVE-2025-40619 was published | Apr 29, 2025

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and...
Moderate | Unreviewed | CVE-2025-54277 was published | Oct 14, 2025

SAP S/4HANA (Manage Processing Rules - For Bank Statements) allows an authenticated attacker with...
Moderate | Unreviewed | CVE-2025-42939 was published | Oct 14, 2025