Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,849 advisories

Loading
An Improper Access Control could allow a malicious actor authenticated in the API of certain... Moderate Unreviewed
CVE-2025-27213 was published Aug 21, 2025
Mattermost Lack of Access Control Validation Low
CVE-2025-49810 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
Mattermost Fails to Properly Validate Team Role Modification Low
CVE-2025-53971 was published for github.com/mattermost/mattermost-server (Go) Aug 21, 2025
IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004... Critical Unreviewed
CVE-2025-36157 was published Aug 24, 2025
An access control vulnerability was discovered in the Request Trace and Download Trace... Moderate Unreviewed
CVE-2025-1501 was published Aug 26, 2025
Kubernetes Nodes can delete themselves by adding an OwnerReference Moderate
CVE-2025-5187 was published for k8s.io/kubernetes (Go) Aug 27, 2025
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for... Moderate Unreviewed
CVE-2025-9376 was published Aug 28, 2025
Incorrect authorization in Kibana can lead to privilege escalation via the built-in... Moderate Unreviewed
CVE-2025-25010 was published Aug 28, 2025
A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of... Moderate Unreviewed
CVE-2025-9602 was published Aug 29, 2025
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to... High Unreviewed
CVE-2025-55177 was published Aug 29, 2025
rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability... Low Unreviewed
CVE-2025-7974 was published Sep 2, 2025
A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function... Moderate Unreviewed
CVE-2025-9835 was published Sep 3, 2025
In startSpaActivityForApp of SpaActivity.kt, there is a possible cross-user permission bypass due... High Unreviewed
CVE-2025-32333 was published Sep 4, 2025
In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without... High Unreviewed
CVE-2025-48523 was published Sep 4, 2025
NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with... High Unreviewed
CVE-2025-23256 was published Sep 5, 2025
NVIDIA ConnectX contains a vulnerability in the management interface, where an attacker with... Moderate Unreviewed
CVE-2025-23262 was published Sep 5, 2025
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible incorrect... Moderate Unreviewed
CVE-2025-26442 was published Sep 5, 2025
In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an... High Unreviewed
CVE-2025-26436 was published Sep 5, 2025
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Incorrect Authorization... Moderate Unreviewed
CVE-2025-54246 was published Sep 9, 2025
Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated... Moderate Unreviewed
CVE-2025-58134 was published Sep 10, 2025
Liferay Portal's Incorrect Authorization vulnerability can lead to guest users to obtaining sensitive data Moderate
CVE-2025-43784 was published for com.liferay:com.liferay.headless.builder.impl (Maven) Sep 10, 2025
SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions Moderate
CVE-2025-11060 was published for SurrealDB (Rust) Sep 11, 2025
kearfy
Credited to kearfy
Liferay Portal JSON Web Services Direct Class Invocation Enables Service Access Policy Execution Low
CVE-2025-43789 was published for com.liferay:com.liferay.comment.web (Maven) Sep 12, 2025
Before action, Ash's hooks may execute in certain scenarios despite a request being forbidden High
CVE-2025-48042 was published for ash (Erlang) Sep 15, 2025
zachdaniel maennchen
Credited to zachdaniel and maennchen
This issue was addressed with improved URL validation. This issue is fixed in Safari 26, iOS 26... Moderate Unreviewed
CVE-2025-31254 was published Sep 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database