Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

271 advisories

Loading
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate... High Unreviewed
CVE-2025-30389 was published Apr 30, 2025
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema for the report module. High Unreviewed
CVE-2025-32982 was published Apr 25, 2025
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute... High Unreviewed
CVE-2025-29794 was published Apr 8, 2025
Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges... High Unreviewed
CVE-2025-26683 was published Apr 1, 2025
Insecure Direct Object References (IDOR) in access control in Tracking 2.1.4 on NightWolf... High Unreviewed
CVE-2025-3014 was published Mar 31, 2025
Insecure Direct Object References (IDOR) in access control in Customer Portal before 2.1.4 on... High Unreviewed
CVE-2025-3013 was published Mar 31, 2025
LiteLLM Has an Improper Authorization Vulnerability High
CVE-2025-0628 was published for litellm (pip) Mar 20, 2025
In lunary-ai/lunary before version 1.4.26, the checklists.post() endpoint allows users to create... High Unreviewed
CVE-2024-9000 was published Mar 20, 2025
In lunary-ai/lunary version 1.4.28, the /checklists/:id route allows low-privilege users to... High Unreviewed
CVE-2024-9096 was published Mar 20, 2025
A vulnerability in lunary-ai/lunary, as of commit be54057, allows users to upload and execute... High Unreviewed
CVE-2024-8764 was published Mar 20, 2025
A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover... High Unreviewed
CVE-2024-12880 was published Mar 20, 2025
The WikiManager REST API allows any user to create wikis High
CVE-2025-29926 was published for org.xwiki.platform:xwiki-platform-wiki-rest-default (Maven) Mar 19, 2025
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and... High Unreviewed
CVE-2025-30117 was published Mar 18, 2025
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate... High Unreviewed
CVE-2025-24053 was published Mar 13, 2025
Mautic allows Improper Authorization in Reporting API High
CVE-2024-47053 was published for mautic/core (Composer) Feb 26, 2025
escopecz patrykgruszka
Credited to escopecz and patrykgruszka
The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information... High Unreviewed
CVE-2025-1361 was published Feb 22, 2025
Adobe Commerce Improper Authorization vulnerability High
CVE-2025-24409 was published for magento/community-edition (Composer) Feb 11, 2025
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are... High Unreviewed
CVE-2025-24418 was published Feb 11, 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability High Unreviewed
CVE-2025-21400 was published Feb 11, 2025
Contrast's unauthenticated recovery allows Coordinator impersonation High
GHSA-vqv5-385r-2hf8 was published for github.com/edgelesssys/contrast (Go) Feb 5, 2025
3u13r burgerdev
katexochen
Credited to 3u13r, burgerdev, and katexochen
MarbleRun unauthenticated recovery allows Coordinator impersonation High
GHSA-w7wm-2425-7p2h was published for github.com/edgelesssys/marblerun (Go) Feb 4, 2025
The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that... High Unreviewed
CVE-2024-13646 was published Jan 30, 2025
The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)... High Unreviewed
CVE-2024-13694 was published Jan 30, 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability High Unreviewed
CVE-2025-21348 was published Jan 14, 2025
Windows App Package Installer Elevation of Privilege Vulnerability High Unreviewed
CVE-2025-21275 was published Jan 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database