Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

80 advisories

Loading
In pig-mesh In Pig version 3.8.2 and below, within the Token Management function under the System... Critical Unreviewed
CVE-2025-63691 was published Nov 7, 2025
Better Auth: Unauthenticated API key creation through api-key plugin Critical
CVE-2025-61928 was published for better-auth (npm) Oct 9, 2025
etiennelunetta
Credited to etiennelunetta
XWiki OIDC Authenticator: Users with "view" access can create tokens for any users they can view Critical
CVE-2025-49594 was published for org.xwiki.contrib.oidc:oidc-authenticator (Maven) Oct 6, 2025
An authorization issue was addressed with improved state management. This issue is fixed in tvOS... Critical Unreviewed
CVE-2025-31255 was published Sep 16, 2025
Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate... Critical Unreviewed
CVE-2025-53795 was published Aug 21, 2025
The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to... Critical Unreviewed
CVE-2025-7778 was published Aug 15, 2025
Azure Portal Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2025-53792 was published Aug 7, 2025
Improper authorization in Azure Machine Learning allows an authorized attacker to elevate... Critical Unreviewed
CVE-2025-49746 was published Jul 18, 2025
The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing... Critical Unreviewed
CVE-2025-4631 was published May 31, 2025
Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges... Critical Unreviewed
CVE-2025-29827 was published May 9, 2025
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a... Critical Unreviewed
CVE-2025-4104 was published May 7, 2025
The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper... Critical Unreviewed
CVE-2025-3918 was published May 3, 2025
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate... Critical Unreviewed
CVE-2025-30392 was published Apr 30, 2025
Improper authorization in Azure allows an authorized attacker to elevate privileges over a network. Critical Unreviewed
CVE-2025-30390 was published Apr 30, 2025
Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function... Critical Unreviewed
CVE-2025-29659 was published Apr 21, 2025
NATS Server may fail to authorize certain Jetstream admin APIs Critical
CVE-2025-30215 was published for github.com/nats-io/nats-server/v2 (Go) Apr 15, 2025
zarqman
Credited to zarqman
Authorization Bypass in Next.js Middleware Critical
CVE-2025-29927 was published for next (npm) Mar 21, 2025
cold-try
Credited to cold-try
kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace Critical
CVE-2025-29922 was published for github.com/kcp-dev/kcp (Go) Mar 20, 2025
xmudrii
Credited to xmudrii
In lunary-ai/lunary version v1.4.28, the /bigquery API route lacks proper access control,... Critical Unreviewed
CVE-2024-9095 was published Mar 20, 2025
Fleet has SAML authentication vulnerability due to improper SAML response validation Critical
CVE-2025-27509 was published for github.com/fleetdm/fleet/v4 (Go) Mar 6, 2025
hakivvi lucasmrod
getvictor rh-colbymorgan jeffssh
Credited to hakivvi, lucasmrod, getvictor, rh-colbymorgan, and jeffssh
Improper Authorization vulnerability in Magento and Adobe Commerce Critical
CVE-2025-24434 was published for magento/community-edition (Composer) Feb 11, 2025
ihor-sviziev
Credited to ihor-sviziev
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid... Critical Unreviewed
CVE-2025-20125 was published Feb 5, 2025
Gradio Blocked Path ACL Bypass Vulnerability Critical
CVE-2025-23042 was published for gradio (pip) Jan 14, 2025
superboy-zjc jackfromeast
Credited to superboy-zjc and jackfromeast
Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common... Critical Unreviewed
CVE-2024-13241 was published Jan 9, 2025
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto Critical
CVE-2024-45337 was published for golang.org/x/crypto (Go) Dec 11, 2024
ryanbekhen SuperSandro2000
Credited to ryanbekhen and SuperSandro2000
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database