Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,857 advisories

Loading
Liferay Publications is vulnerable to Incorrect Authorization Moderate
CVE-2025-62243 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025
Authorization Bypass in Next.js Middleware Critical
CVE-2025-29927 was published for next (npm) Mar 21, 2025
cold-try
Credited to cold-try
Ash Framework: Filter authorization misapplies impossible bypass/runtime policies High
CVE-2025-48043 was published for ash (Erlang) Oct 13, 2025
maennchen zachdaniel
Credited to maennchen and zachdaniel
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization... Moderate Unreviewed
CVE-2025-7374 was published Oct 10, 2025
GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to... High Unreviewed
CVE-2025-11340 was published Oct 9, 2025
Withdrawn Advisory: Incorrect Authorization in cross-fetch Moderate
CVE-2022-1365 was published for cross-fetch (npm) Apr 17, 2022 withdrawn
cysp AndrewMohawk
Credited to cysp and AndrewMohawk
Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to... Low Unreviewed
CVE-2025-11239 was published Oct 2, 2025
A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call... Moderate Unreviewed
CVE-2025-49641 was published Oct 3, 2025
A regular Zabbix user can search other users in their user group via Zabbix API by select fields... Low Unreviewed
CVE-2025-27236 was published Oct 3, 2025
When a notification relating to low battery appears for a user with whom the device has been... Moderate Unreviewed
CVE-2025-4975 was published May 23, 2025
Improper Privilege Management vulnerability in Centreon web (API Token creation form modules)... High Unreviewed
CVE-2025-4646 was published May 13, 2025
Nagios Log Server before 2024R1.3.2 allows authenticated users (with read-only API access) to... High Unreviewed
CVE-2025-44824 was published Oct 7, 2025
An access control vulnerability was discovered in the CLI functionality due to a specific access... High Unreviewed
CVE-2025-3719 was published Oct 7, 2025
Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an... High Unreviewed
CVE-2025-40669 was published Jun 9, 2025
The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization... Moderate Unreviewed
CVE-2025-59449 was published Oct 6, 2025
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long... Low Unreviewed
CVE-2025-59451 was published Oct 6, 2025
Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an... High Unreviewed
CVE-2025-40670 was published Jun 9, 2025
Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker,... High Unreviewed
CVE-2025-40668 was published Jun 9, 2025
OpenSupports exposes an endpoint that allows the list of 'supervised users' for any account to be... High Unreviewed
CVE-2025-10696 was published Oct 3, 2025
Improper permission control vulnerability in the OXARI ServiceDesk application could allow an... Critical Unreviewed
CVE-2025-1542 was published Mar 26, 2025
An authenticated administrator could modify the Created By username for a user account Low Unreviewed
CVE-2025-46744 was published May 12, 2025
VMware Tools for Windows contains an improper authorisation vulnerability due to the way it... High Unreviewed
CVE-2025-41246 was published Sep 29, 2025
IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a... Moderate Unreviewed
CVE-2024-47102 was published Dec 25, 2024
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an... Moderate Unreviewed
CVE-2024-22316 was published Jan 27, 2025
SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions Moderate
CVE-2025-11060 was published for SurrealDB (Rust) Sep 11, 2025
kearfy
Credited to kearfy
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database