Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,855 advisories

Loading
Mattermost Fails to Properly Perform Viewer Role Authorization Moderate
CVE-2025-1472 was published for github.com/mattermost/mattermost-server (Go) Mar 19, 2025
A vulnerability has been identified in the port ACL functionality of AOS-CX software running on... Low Unreviewed
CVE-2025-25040 was published Mar 18, 2025
Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods Low
CVE-2025-27512 was published for zincati (Rust) Mar 17, 2025
jlebon
Credited to jlebon
Broken access control vulnerability in the IcProgress Innovación y Cualificación plugin. This... Moderate Unreviewed
CVE-2025-2201 was published Mar 17, 2025
Broken access control vulnerability in the Innovación y Cualificación local administration plugin... Moderate Unreviewed
CVE-2025-2202 was published Mar 17, 2025
Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows... High Unreviewed
CVE-2025-30074 was published Mar 16, 2025
This vulnerability exists in the CAP back office application due to improper authorization checks... High Unreviewed
CVE-2025-29997 was published Mar 13, 2025
An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior... Low Unreviewed
CVE-2024-7296 was published Mar 13, 2025
An issue has been discovered in GitLab EE/CE affecting all versions starting from 16.9 before 17... Moderate Unreviewed
CVE-2025-0652 was published Mar 13, 2025
An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all... Low Unreviewed
CVE-2024-55592 was published Mar 11, 2025
An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow... High Unreviewed
CVE-2024-45328 was published Mar 11, 2025
Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content Moderate
CVE-2025-27602 was published for Umbraco.Cms.Web.Backoffice (NuGet) Mar 11, 2025
hazemeldoc
Credited to hazemeldoc
Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality Moderate
CVE-2025-27601 was published for Umbraco.Cms.Api.Management (NuGet) Mar 11, 2025
An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows... High Unreviewed
CVE-2025-27822 was published Mar 8, 2025
Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior... Moderate Unreviewed
CVE-2025-2045 was published Mar 6, 2025
An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting... Low Unreviewed
CVE-2025-1540 was published Mar 6, 2025
Incorrect authorization in PAM vaults in Devolutions Server 2024.3.12 and earlier allows an... High Unreviewed
CVE-2025-2003 was published Mar 5, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368... Critical Unreviewed
CVE-2025-27645 was published Mar 5, 2025
A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality.... Moderate Unreviewed
CVE-2024-39352 was published Mar 4, 2025
IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations Critical
CVE-2025-27507 was published for github.com/zitadel/zitadel (Go) Mar 4, 2025
amit-laish livio-a
fforootd adlerhurst
Credited to amit-laish, livio-a, fforootd, and adlerhurst
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a... High Unreviewed
CVE-2025-0359 was published Mar 4, 2025
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a... High Unreviewed
CVE-2025-0360 was published Mar 4, 2025
In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0... Moderate Unreviewed
CVE-2025-27371 was published Mar 3, 2025
OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations.... Moderate Unreviewed
CVE-2025-27370 was published Mar 3, 2025
WSO2 incorrect authorization vulnerability Moderate
CVE-2024-2321 was published for org.wso2.am:am-parent (Maven) Feb 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database