Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

2,304 advisories

Loading
In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0... Moderate Unreviewed
CVE-2025-27371 was published Mar 3, 2025
OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations.... Moderate Unreviewed
CVE-2025-27370 was published Mar 3, 2025
The product performs an authorization check when an actor attempts to access a resource or... High Unreviewed
CVE-2024-5705 was published Feb 20, 2025
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an... Moderate Unreviewed
CVE-2024-45081 was published Feb 19, 2025
Insecure Permissions in Atos Eviden IDRA and IDCA before 2.7.0. A highly trusted role (Config... Moderate Unreviewed
CVE-2024-39328 was published Feb 18, 2025
app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search. Moderate Unreviewed
CVE-2024-57969 was published Feb 14, 2025
Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace... High Unreviewed
CVE-2025-0937 was published Feb 12, 2025
Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8... Moderate Unreviewed
CVE-2025-0516 was published Feb 12, 2025
An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate... Moderate Unreviewed
CVE-2024-54916 was published Feb 12, 2025
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are... Moderate Unreviewed
CVE-2025-24420 was published Feb 11, 2025
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are... Moderate Unreviewed
CVE-2025-24419 was published Feb 11, 2025
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are... High Unreviewed
CVE-2025-24407 was published Feb 11, 2025
The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain... Moderate Unreviewed
CVE-2025-24872 was published Feb 11, 2025
SAP NetWeaver Application Server Java allows an attacker to access an endpoint that can disclose... Moderate Unreviewed
CVE-2025-24869 was published Feb 11, 2025
An authorization issue was addressed with improved state management. This issue is fixed in... High Unreviewed
CVE-2025-24200 was published Feb 10, 2025
An error when handling authorization related to the import / export interfaces on the RISC... Moderate Unreviewed
CVE-2021-41528 was published Feb 7, 2025
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function.... High Unreviewed
CVE-2024-57433 was published Feb 1, 2025
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users... High Unreviewed
CVE-2024-57434 was published Feb 1, 2025
macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys... Critical Unreviewed
CVE-2024-57432 was published Jan 31, 2025
SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on... Critical Unreviewed
CVE-2024-47857 was published Jan 31, 2025
Software installed and run as a non-privileged user may conduct improper read/write operations on... High Unreviewed
CVE-2024-46974 was published Jan 31, 2025
This vulnerability allows network-adjacent attackers to create arbitrary files on affected... High Unreviewed
CVE-2024-23929 was published Jan 31, 2025
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected... High Unreviewed
CVE-2024-23921 was published Jan 31, 2025
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected... High Unreviewed
CVE-2024-23963 was published Jan 31, 2025
This vulnerability allows network-adjacent attackers to disclose sensitive information on... Moderate Unreviewed
CVE-2024-23937 was published Jan 31, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database