GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
768 advisories
NATS Server may fail to authorize certain Jetstream admin APIs
Critical
CVE-2025-30215
was published
for
github.com/nats-io/nats-server/v2
(Go)
Apr 15, 2025
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension...
High
Unreviewed
CVE-2022-47409
was published
Dec 14, 2022
Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function...
Critical
Unreviewed
CVE-2025-29659
was published
Apr 21, 2025
Pagure 3.3.0 and earlier is vulnerable to loss of confidentiality due to improper authorization
High
Unreviewed
CVE-2017-1002151
was published
May 13, 2022
An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions...
Critical
Unreviewed
CVE-2017-6044
was published
May 13, 2022
Zulip Server 1.5.1 and below suffer from an error in the implementation of the...
Moderate
Unreviewed
CVE-2017-0896
was published
May 13, 2022
It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before...
High
Unreviewed
CVE-2017-7484
was published
May 14, 2022
Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public...
Moderate
Unreviewed
CVE-2017-0894
was published
May 13, 2022
Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and...
Low
Unreviewed
CVE-2017-0895
was published
May 13, 2022
The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows...
Moderate
Unreviewed
CVE-2016-5063
was published
May 14, 2022
Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an...
Moderate
Unreviewed
CVE-2017-0892
was published
May 13, 2022
Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions...
High
Unreviewed
CVE-2017-2689
was published
May 13, 2022
Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated...
Moderate
Unreviewed
CVE-2017-2686
was published
May 17, 2022
The application management module has a vulnerability in permission verification. Successful...
High
Unreviewed
CVE-2022-46312
was published
Dec 20, 2022
The parent process would not properly check whether the Speech Synthesis feature is enabled, when...
Moderate
Unreviewed
CVE-2022-29913
was published
Dec 22, 2022
Improper Authorization in Apache Xalan-Java
High
CVE-2014-0107
was published
for
xalan:xalan
(Maven)
May 13, 2022
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and...
High
Unreviewed
CVE-2016-5676
was published
May 17, 2022
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS...
High
Unreviewed
CVE-2016-5420
was published
May 14, 2022
The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as...
High
Unreviewed
CVE-2016-1710
was published
May 17, 2022
Private Browsing tabs may be accessed without authentication. This issue is fixed in iOS 17 and...
Moderate
Unreviewed
CVE-2023-42973
was published
Apr 11, 2025
Huawei Aslan Children's Watch has an improper authorization vulnerability. Successful exploit...
Moderate
Unreviewed
CVE-2022-45874
was published
Dec 28, 2022
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute...
High
Unreviewed
CVE-2025-29794
was published
Apr 8, 2025
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to...
Moderate
Unreviewed
CVE-2022-3740
was published
Jan 26, 2023
A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege...
Moderate
Unreviewed
CVE-2025-28131
was published
Apr 1, 2025
Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows...
Moderate
Unreviewed
CVE-2025-2600
was published
Mar 26, 2025