Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,857 advisories

Loading
Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability.... High Unreviewed
CVE-2025-61830 was published Nov 11, 2025
A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users... High Unreviewed
CVE-2025-11862 was published Nov 11, 2025
Incorrect Authorization in Apache Solr Moderate
CVE-2018-11802 was published for org.apache.solr:solr-core (Maven) Feb 9, 2022
tjuyuxinzhang
Credited to tjuyuxinzhang
The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-12621 was published Nov 8, 2025
Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the... High Unreviewed
CVE-2025-37736 was published Nov 8, 2025
Magento is affected by an improper authorization vulnerability Moderate
CVE-2021-36037 was published for magento/community-edition (Composer) May 24, 2022
Magento discloses sensitive information Moderate
CVE-2021-36039 was published for magento/community-edition (Composer) May 24, 2022
Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability... High Unreviewed
CVE-2025-34273 was published Oct 31, 2025
Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability.... High Unreviewed
CVE-2023-7322 was published Oct 31, 2025
MiR software versions prior to version 3.0.0 have insufficient authorization controls when... Moderate Unreviewed
CVE-2025-9228 was published Aug 20, 2025
A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux... High Unreviewed
CVE-2025-6018 was published Jul 23, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Moderate Unreviewed
CVE-2025-43336 was published Nov 4, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 1.1,... Low Unreviewed
CVE-2024-23262 was published Mar 8, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... High Unreviewed
CVE-2023-42860 was published Feb 21, 2024
The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17,... Low Unreviewed
CVE-2023-35990 was published Sep 27, 2023
Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby... High Unreviewed
CVE-2020-26560 was published May 24, 2022
Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby... High Unreviewed
CVE-2020-26559 was published May 24, 2022
An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17.4... Moderate Unreviewed
CVE-2024-23250 was published Mar 8, 2024
An authentication issue was addressed with improved state management. This issue is fixed in... Critical Unreviewed
CVE-2024-23255 was published Mar 8, 2024
A logic issue was addressed with improved checks This issue is fixed in macOS Sonoma 14. A camera... Moderate Unreviewed
CVE-2023-41994 was published Jan 11, 2024
An authorization issue was addressed with improved state management. This issue is fixed in macOS... Moderate Unreviewed
CVE-2023-41078 was published Sep 27, 2023
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may... Moderate Unreviewed
CVE-2020-26555 was published May 24, 2022
Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without... High Unreviewed
CVE-2020-26557 was published May 24, 2022
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline Low
CVE-2024-30260 was published for undici (npm) Apr 4, 2024
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... High Unreviewed
CVE-2024-40770 was published Sep 17, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database