Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,859 advisories

Loading
Fujitsu iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is... High Unreviewed
CVE-2025-65002 was published Nov 12, 2025
Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability.... High Unreviewed
CVE-2025-61830 was published Nov 11, 2025
A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users... High Unreviewed
CVE-2025-11862 was published Nov 11, 2025
The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-12621 was published Nov 8, 2025
Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the... High Unreviewed
CVE-2025-37736 was published Nov 8, 2025
An issue was discovered in rymcu forest thru commit f782e85 (2025-09-04) in function doBefore in... Moderate Unreviewed
CVE-2025-63687 was published Nov 7, 2025
An authentication issue was addressed with improved state management. This issue is fixed in... Moderate Unreviewed
CVE-2025-43459 was published Nov 4, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... High Unreviewed
CVE-2025-43387 was published Nov 4, 2025
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS... Moderate Unreviewed
CVE-2025-43397 was published Nov 4, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... Moderate Unreviewed
CVE-2025-43336 was published Nov 4, 2025
The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an... Moderate Unreviewed
CVE-2025-12038 was published Nov 1, 2025
Liferay Portal and DXP do not check permissions of images in a blog entry Moderate
CVE-2025-62275 was published for com.liferay:com.liferay.blogs.item.selector.web (Maven) Nov 1, 2025
Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability... High Unreviewed
CVE-2025-34273 was published Oct 31, 2025
Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability.... High Unreviewed
CVE-2023-7322 was published Oct 31, 2025
Drupal CivicTheme Design System allows Forceful Browsing High
CVE-2025-12082 was published for drupal/civictheme (Composer) Oct 30, 2025
Liferay Portal Does Not Limit Access to APIs Before Email Verification Moderate
CVE-2025-62259 was published for com.liferay.portal:release.portal.bom (Maven) Oct 28, 2025
GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4... Moderate Unreviewed
CVE-2025-11971 was published Oct 27, 2025
The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for... Low Unreviewed
CVE-2025-11888 was published Oct 25, 2025
OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method High
CVE-2025-59048 was published for github.com/openbao/openbao-plugins (Go) Oct 23, 2025
pkarakal
Credited to pkarakal
Moodle sends quiz-related messages to inactive/suspended users Moderate
CVE-2025-62394 was published for moodle/moodle (Composer) Oct 23, 2025
Shopware vulnerable to MediaVisibilityRestrictionSubscriber bypass when reading media entities by aggregating fields individually Moderate
GHSA-m895-2hj3-8cg9 was published for shopware/core (Composer) Oct 21, 2025
JoshuaBehrens
Credited to JoshuaBehrens
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not... Moderate Unreviewed
CVE-2025-62651 was published Oct 17, 2025
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the... Moderate Unreviewed
CVE-2025-62647 was published Oct 17, 2025
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote... Moderate Unreviewed
CVE-2025-62648 was published Oct 17, 2025
Ash has authorization bypass when bypass policy condition evaluates to true High
CVE-2025-48044 was published for ash (Erlang) Oct 17, 2025
jechol maennchen
zachdaniel
Credited to jechol, maennchen, and zachdaniel
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database