Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

768 advisories

Loading
Apache Superset Allows Ownership Takeover Moderate
CVE-2025-27696 was published for apache-superset (pip) May 13, 2025
XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right Moderate
CVE-2025-48063 was published for org.xwiki.platform:xwiki-platform-security-authorization-bridge (Maven) May 21, 2025
OpenFGA Authorization Bypass Moderate
CVE-2025-48371 was published for github.com/openfga/openfga (Go) May 23, 2025
udyvish
Credited to udyvish
A vulnerability has been found in Summer Pearl Group Vacation Rental Management Platform up to 1... Moderate Unreviewed
CVE-2025-5182 was published May 26, 2025
The Offsprout Page Builder plugin for WordPress is vulnerable to Privilege Escalation due to... High Unreviewed
CVE-2025-4672 was published May 31, 2025
The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing... Critical Unreviewed
CVE-2025-4631 was published May 31, 2025
The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing... High Unreviewed
CVE-2025-4103 was published May 31, 2025
Grafana's datasource proxy API allows authorization checks to be bypassed Moderate
CVE-2025-3454 was published for github.com/grafana/grafana (Go) Jun 2, 2025
Magento Improper Authorization leading to security feature bypass High
CVE-2025-43585 was published for magento/community-edition (Composer) Jun 10, 2025
Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a... High Unreviewed
CVE-2024-43706 was published Jun 10, 2025
Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Authorization... High Unreviewed
CVE-2025-46840 was published Jun 11, 2025
Salt vulnerable to arbitrary event injection High
CVE-2025-22239 was published for salt (pip) Jun 13, 2025
A vulnerability was found in ScriptAndTools Real Estate Management System 1.0. It has been rated... Moderate Unreviewed
CVE-2025-6329 was published Jun 20, 2025
Claude Code Improper Authorization via websocket connections from arbitrary origins High
CVE-2025-52882 was published for @anthropic-ai/claude-code (npm) Jun 23, 2025
When a link can be opened in an external application, Firefox for Android will, by default,... Moderate Unreviewed
CVE-2025-6431 was published Jun 26, 2025
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)... Moderate Unreviewed
CVE-2025-20264 was published Jun 26, 2025
Graylog vulnerable to privilege escalation through API tokens High
CVE-2025-53106 was published for org.graylog2:graylog2-server (Maven) Jun 30, 2025
thll
Credited to thll
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of... Low Unreviewed
CVE-2025-4654 was published Jul 2, 2025
An unauthorized user may leverage a specially crafted aggregation pipeline to access data without... High Unreviewed
CVE-2025-6713 was published Jul 7, 2025
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute... High Unreviewed
CVE-2025-49701 was published Jul 8, 2025
Juju allows arbitrary executable uploads via authenticated endpoint without authorization High
CVE-2025-0928 was published for github.com/juju/juju (Go) Jul 9, 2025
tlm wallyworld
hpidcock Fedqys
Credited to tlm, wallyworld, hpidcock, and Fedqys
Secure-upload is a data submission service that validates single-use tokens when accepting... Moderate Unreviewed
CVE-2025-53709 was published Jul 10, 2025
The Application is vulnerable to an Unauthenticated Arbitrary File Read. This affects the Agent... High Unreviewed
CVE-2024-26291 was published Jul 14, 2025
Directus' insufficient permission checks can enable unauthenticated users to manually trigger Flows Moderate
CVE-2025-53889 was published for directus (npm) Jul 15, 2025
licitdev
Credited to licitdev
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web... Moderate Unreviewed
CVE-2025-50073 was published Jul 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database