Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

321 advisories

Loading
An access issue was addressed with improved access restrictions. This issue is fixed in macOS... Moderate Unreviewed
CVE-2025-24271 was published Apr 29, 2025
Rasa Pro Missing Authentication For Voice Connector APIs Moderate
CVE-2025-32377 was published for rasa-pro (pip) Apr 17, 2025
ash_authentication has email link auto-click account confirmation vulnerability Moderate
CVE-2025-32782 was published for ash_authentication (Erlang) Apr 14, 2025
zachdaniel jimsynz
maennchen barnabasJ sevenseacat
Missing Authentication for Critical Function vulnerability in Drupal Panels allows Exploiting... Moderate Unreviewed
CVE-2025-3474 was published Apr 9, 2025
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web... Moderate Unreviewed
CVE-2024-41791 was published Apr 8, 2025
In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to... Moderate Unreviewed
CVE-2025-32357 was published Apr 5, 2025
HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential... Moderate Unreviewed
CVE-2025-0257 was published Apr 3, 2025
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 /... Moderate Unreviewed
CVE-2024-56469 was published Mar 27, 2025
A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is... Moderate Unreviewed
CVE-2024-45355 was published Mar 27, 2025
HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information... Moderate Unreviewed
CVE-2025-0256 was published Mar 24, 2025
CosmWasm Allows Bypass of Capability Restrictions in Blockchains Moderate
CVE-2025-25500 was published for cosmwasm (Rust) Mar 18, 2025
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2024-13772 was published Mar 14, 2025
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.8),... Moderate Unreviewed
CVE-2024-52285 was published Mar 11, 2025
SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular... Moderate Unreviewed
CVE-2025-23194 was published Mar 11, 2025
Server-Side Access Control Bypass vulnerability in WombatDialer before 25.02 could allow... Moderate Unreviewed
CVE-2024-57055 was published Feb 18, 2025
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version)... Moderate Unreviewed
CVE-2025-25224 was published Feb 18, 2025
An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote or local attacker to modify... Moderate Unreviewed
CVE-2024-57725 was published Feb 14, 2025
A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in... Moderate Unreviewed
CVE-2025-26360 was published Feb 12, 2025
wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d contains a vulnerability... Moderate Unreviewed
CVE-2024-10649 was published Feb 10, 2025
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0... Moderate Unreviewed
CVE-2024-54176 was published Feb 8, 2025
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported... Moderate Unreviewed
CVE-2025-21559 was published Jan 21, 2025
In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication... Moderate Unreviewed
CVE-2025-24456 was published Jan 21, 2025
An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000... Moderate Unreviewed
CVE-2024-39773 was published Jan 14, 2025
The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some... Moderate Unreviewed
CVE-2024-13185 was published Jan 8, 2025
The health module has insufficient restrictions on loading URLs, which may lead to some... Moderate Unreviewed
CVE-2024-13173 was published Jan 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database