Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,640
Maven
5,000+
npm
4,265
NuGet
760
pip
4,061
Pub
12
RubyGems
956
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,860 advisories

Loading
In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission... Critical Unreviewed
CVE-2025-20674 was published Jun 2, 2025
Mattermost fails to properly enforce access controls for guest users Low
CVE-2025-1792 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
Mattermost fails to properly enforce access control restrictions for System Manager roles Low
CVE-2025-3611 was published for github.com/mattermost/mattermost/server/v8 (Go) May 30, 2025
An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the... Moderate Unreviewed
CVE-2024-7097 was published May 30, 2025
WSO2 products vulnerable to privilege escalation due to business logic flaw in SOAP admin services Moderate
CVE-2024-7096 was published for org.wso2.am:am-parent (Maven) May 30, 2025
An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote... Critical Unreviewed
CVE-2025-48757 was published May 30, 2025
Navidrome Transcoding Permission Bypass Vulnerability Report High
CVE-2025-48948 was published for github.com/navidrome/navidrome (Go) May 29, 2025
lujiefsi
Credited to lujiefsi
Mattermost improperly allows team administrators to modify team invites Moderate
CVE-2025-3913 was published for github.com/mattermost/mattermost/server/v8 (Go) May 29, 2025
Valtimo backend libraries allows objects in the object-api to be accessed and modified by unauthorized users High
CVE-2025-48881 was published for com.ritense.valtimo:object-management (Maven) May 28, 2025
An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0... High Unreviewed
CVE-2025-25251 was published May 28, 2025
IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due... Moderate Unreviewed
CVE-2025-25026 was published May 28, 2025
When a notification relating to low battery appears for a user with whom the device has been... Moderate Unreviewed
CVE-2025-4975 was published May 23, 2025
Device commissioning parameters in ASPECT may be modified by an external source if administrative... High Unreviewed
CVE-2024-13947 was published May 22, 2025
An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic... Critical Unreviewed
CVE-2024-6914 was published May 22, 2025
System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if... High Unreviewed
CVE-2025-30171 was published May 22, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In... Low Unreviewed
CVE-2025-1110 was published May 22, 2025
A low-privileged user is able to obtain information about tasks executed on devices controlled by... Moderate Unreviewed
CVE-2025-1415 was published May 21, 2025
A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure... Moderate Unreviewed
CVE-2025-20257 was published May 21, 2025
In Proget MDM, a low-privileged user can access information about changes contained in backups of... Moderate Unreviewed
CVE-2025-1417 was published May 21, 2025
In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently... High Unreviewed
CVE-2025-1416 was published May 21, 2025
A low-privileged user can access information about profiles created in Proget MDM (Mobile Device... Moderate Unreviewed
CVE-2025-1418 was published May 21, 2025
TYPO3 Allows Information Disclosure via DBAL Restriction Handling Low
CVE-2025-47937 was published for typo3/cms-core (Composer) May 20, 2025
christianfutterlieb eliashaeussler
Credited to christianfutterlieb and eliashaeussler
The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is... Moderate Unreviewed
CVE-2025-4101 was published May 17, 2025
Mattermost Fails to Verify User's Permissions When Accessing Groups Moderate
CVE-2025-2527 was published for github.com/mattermost/mattermost/server/v8 (Go) May 15, 2025
Mattermost Fails to Check User Access to `ExperimentalSettings` Low
CVE-2025-2570 was published for github.com/mattermost/mattermost/server/v8 (Go) May 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database