GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,336 advisories
An authentication issue was addressed with improved state management. This issue is fixed in...
Moderate • Unreviewed • CVE-2025-43459 was published Nov 4, 2025

A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS...
Moderate • Unreviewed • CVE-2025-43397 was published Nov 4, 2025

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
Moderate • Unreviewed • CVE-2025-43336 was published Nov 4, 2025

The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an...
Moderate • Unreviewed • CVE-2025-12038 was published Nov 1, 2025

Liferay Portal and DXP do not check permissions of images in a blog entry
Moderate • CVE-2025-62275 was published for com.liferay:com.liferay.blogs.item.selector.web (Maven) Nov 1, 2025

Liferay Portal Does Not Limit Access to APIs Before Email Verification
Moderate • CVE-2025-62259 was published for com.liferay.portal:release.portal.bom (Maven) Oct 28, 2025

GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4...
Moderate • Unreviewed • CVE-2025-11971 was published Oct 27, 2025

Moodle sends quiz-related messages to inactive/suspended users
Moderate • CVE-2025-62394 was published for moodle/moodle (Composer) Oct 23, 2025

Shopware vulnerable to MediaVisibilityRestrictionSubscriber bypass when reading media entities by aggregating fields individually
Moderate • GHSA-m895-2hj3-8cg9 was published for shopware/core (Composer) Oct 21, 2025

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not...
Moderate • Unreviewed • CVE-2025-62651 was published Oct 17, 2025

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the...
Moderate • Unreviewed • CVE-2025-62647 was published Oct 17, 2025

The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote...
Moderate • Unreviewed • CVE-2025-62648 was published Oct 17, 2025

An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to...
Moderate • Unreviewed • CVE-2025-9955 was published Oct 16, 2025

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and...
Moderate • Unreviewed • CVE-2025-54277 was published Oct 14, 2025

Magento allows incorrect authorization
Moderate • CVE-2025-54265 was published for magento/community-edition (Composer) Oct 14, 2025

Magento vulnerable to privilege escalation due to incorrect authorization
Moderate • CVE-2025-54267 was published for magento/community-edition (Composer) Oct 14, 2025

SAP S/4HANA (Manage Processing Rules - For Bank Statements) allows an authenticated attacker with...
Moderate • Unreviewed • CVE-2025-42939 was published Oct 14, 2025

Liferay Publications is vulnerable to Incorrect Authorization
Moderate • CVE-2025-62243 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization...
Moderate • Unreviewed • CVE-2025-7374 was published Oct 10, 2025

The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization...
Moderate • Unreviewed • CVE-2025-59449 was published Oct 6, 2025

A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call...
Moderate • Unreviewed • CVE-2025-49641 was published Oct 3, 2025

Duplicate Advisory: SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions
Moderate • GHSA-98f8-j56x-2hh4 was published for surrealdb (Rust) Sep 26, 2025 • withdrawn

Liferay Portal and DXP does not properly check permission with import and export tasks
Moderate • CVE-2025-43806 was published for com.liferay:com.liferay.batch.engine.service (Maven) Sep 23, 2025

In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can...
Moderate • Unreviewed • CVE-2025-59714 was published Sep 19, 2025

The Sparkle framework includes an XPC service Downloader.xpc, by default this service is private...
Moderate • Unreviewed • CVE-2025-10015 was published Sep 16, 2025

ProTip! Advisories are also available from the GraphQL API.