Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,645
Maven
5,000+
npm
4,271
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

769 advisories

Loading
Magento incorrect user permissions vulnerability within the Inventory component Low
CVE-2020-24403 was published for magento/community-edition (Composer) May 24, 2022
Magento incorrect permissions vulnerability in the Integrations component Moderate
CVE-2020-24402 was published for magento/community-edition (Composer) May 24, 2022
Contrast's unauthenticated recovery allows Coordinator impersonation High
GHSA-vqv5-385r-2hf8 was published for github.com/edgelesssys/contrast (Go) Feb 5, 2025
3u13r burgerdev
katexochen
Credited to 3u13r, burgerdev, and katexochen
MarbleRun unauthenticated recovery allows Coordinator impersonation High
GHSA-w7wm-2425-7p2h was published for github.com/edgelesssys/marblerun (Go) Feb 4, 2025
Kubewarden-Controller information leak via AdmissionPolicyGroup Resource Moderate
CVE-2025-24784 was published for github.com/kubewarden/kubewarden-controller (Go) Jan 30, 2025
flavio
Credited to flavio
The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)... High Unreviewed
CVE-2024-13694 was published Jan 30, 2025
TShock allows chat while not fully connected, possible ban evasion Moderate
GHSA-f8mx-cwfh-7hr2 was published for tshock (NuGet) Feb 3, 2025
ohayo
Credited to ohayo
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto Critical
CVE-2024-45337 was published for golang.org/x/crypto (Go) Dec 11, 2024
ryanbekhen SuperSandro2000
Credited to ryanbekhen and SuperSandro2000
The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that... High Unreviewed
CVE-2024-13646 was published Jan 30, 2025
A vulnerability has been discovered in Rocket.Chat, where editing messages can change the... Moderate Unreviewed
CVE-2023-28317 was published May 10, 2023
A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of... Moderate Unreviewed
CVE-2023-28318 was published May 10, 2023
An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to... Moderate Unreviewed
CVE-2023-28325 was published May 12, 2023
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications Critical
CVE-2024-38821 was published for org.springframework.security:spring-security-web (Maven) Oct 28, 2024
A vulnerability, which was classified as critical, has been found in SourceCodester Computer... Moderate Unreviewed
CVE-2024-3139 was published Apr 2, 2024
Incorrect permission check in Jenkins GitLab Plugin allows enumerating credentials IDs Moderate
CVE-2025-24397 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Jan 22, 2025
XWiki users registered with email verification can self re-activate their disabled accounts High
CVE-2021-32620 was published for org.xwiki.commons:xwiki-commons-core (Maven) May 18, 2021
anonymous-nlp-student
Credited to anonymous-nlp-student
Gradios's CORS origin validation is not performed when the request has a cookie High
CVE-2024-47084 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Credited to ahpaleus and Vasco-jofra
Gradio's CORS origin validation accepts the null origin Moderate
CVE-2024-47165 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Credited to ahpaleus and Vasco-jofra
A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical.... Moderate Unreviewed
CVE-2025-0580 was published Jan 20, 2025
CVE-2024-5138: snapd snapctl auth bypass Moderate
CVE-2024-5138 was published for github.com/snapcore/snapd (Go) Jan 16, 2025
rmcnamara-snyk
Credited to rmcnamara-snyk
Gradio Blocked Path ACL Bypass Vulnerability Critical
CVE-2025-23042 was published for gradio (pip) Jan 14, 2025
superboy-zjc jackfromeast
Credited to superboy-zjc and jackfromeast
OpenFGA Authorization Bypass Moderate
CVE-2024-56323 was published for github.com/openfga/openfga (Go) Jan 13, 2025
miparnisari
Credited to miparnisari
Microsoft SharePoint Server Remote Code Execution Vulnerability High Unreviewed
CVE-2025-21348 was published Jan 14, 2025
Windows App Package Installer Elevation of Privilege Vulnerability High Unreviewed
CVE-2025-21275 was published Jan 14, 2025
There is an improper authorization vulnerability in some Huawei smartphones. An attacker could... Low Unreviewed
CVE-2020-9081 was published Dec 27, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database