Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,855 advisories

Loading
Mautic allows Improper Authorization in Reporting API High
CVE-2024-47053 was published for mautic/core (Composer) Feb 26, 2025
escopecz patrykgruszka
Credited to escopecz and patrykgruszka
Moodle's feedback response viewing and deletions did not respect Separate Groups mode Moderate
CVE-2025-26526 was published for moodle/moodle (Composer) Feb 24, 2025
Moodle has an IDOR in badges allows disabling of arbitrary badges Low
CVE-2025-26531 was published for moodle/moodle (Composer) Feb 24, 2025
Moodle allows teachers to evade trusttext config when restoring glossary entries Low
CVE-2025-26532 was published for moodle/moodle (Composer) Feb 24, 2025
Mattermost fails to restrict channel export of archived channels Moderate
CVE-2025-24526 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 24, 2025
The product performs an authorization check when an actor attempts to access a resource or... High Unreviewed
CVE-2024-5705 was published Feb 20, 2025
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an... Moderate Unreviewed
CVE-2024-45081 was published Feb 19, 2025
Directus allows updates to non-allowed fields due to overlapping policies Moderate
CVE-2025-27089 was published for @directus/api (npm) Feb 19, 2025
hanneskuettner
Credited to hanneskuettner
Insecure Permissions in Atos Eviden IDRA and IDCA before 2.7.0. A highly trusted role (Config... Moderate Unreviewed
CVE-2024-39328 was published Feb 18, 2025
app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search. Moderate Unreviewed
CVE-2024-57969 was published Feb 14, 2025
Instaclustr Cassandra-Lucene-Index allows bypass of Cassandra RBAC High
CVE-2025-26511 was published for com.instaclustr:cassandra-lucene-index-plugin (Maven) Feb 13, 2025
jfleming-ic
Credited to jfleming-ic
Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace... High Unreviewed
CVE-2025-0937 was published Feb 12, 2025
Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8... Moderate Unreviewed
CVE-2025-0516 was published Feb 12, 2025
An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate... Moderate Unreviewed
CVE-2024-54916 was published Feb 12, 2025
Improper Authorization vulnerability in Magento and Adobe Commerce Critical
CVE-2025-24434 was published for magento/community-edition (Composer) Feb 11, 2025
ihor-sviziev
Credited to ihor-sviziev
Magento Improper Access Control vulnerability Moderate
CVE-2025-24436 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24437 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Incorrect Authorization vulnerability Moderate
CVE-2025-24421 was published for magento/community-edition (Composer) Feb 11, 2025
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are... Moderate Unreviewed
CVE-2025-24420 was published Feb 11, 2025
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are... High Unreviewed
CVE-2025-24407 was published Feb 11, 2025
Adobe Commerce Improper Authorization vulnerability High
CVE-2025-24409 was published for magento/community-edition (Composer) Feb 11, 2025
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are... Moderate Unreviewed
CVE-2025-24419 was published Feb 11, 2025
The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain... Moderate Unreviewed
CVE-2025-24872 was published Feb 11, 2025
SAP NetWeaver Application Server Java allows an attacker to access an endpoint that can disclose... Moderate Unreviewed
CVE-2025-24869 was published Feb 11, 2025
An authorization issue was addressed with improved state management. This issue is fixed in... High Unreviewed
CVE-2025-24200 was published Feb 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database