Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,908
Erlang
39
GitHub Actions
38
Go
2,568
Maven
5,000+
npm
4,240
NuGet
754
pip
4,004
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

355 advisories

Loading
Mattermost has a Missing Authorization vulnerability Moderate
CVE-2025-41410 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
Mattermost has a Missing Authorization vulnerability Moderate
CVE-2025-41443 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
Jenkins is missing a permission check in the authenticated users' profile menu Moderate
CVE-2025-59475 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 17, 2025
Jenkins has a missing permission check, allowing users to obtain agent names Moderate
CVE-2025-59474 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 17, 2025
Liferay Portal allows remote attackers to view display page templates via crafted URLs Moderate
CVE-2025-43805 was published for com.liferay:com.liferay.asset.display.page.service (Maven) Sep 17, 2025
matrix-js-sdk has insufficient validation when considering a room to be upgraded by another Moderate
CVE-2025-59160 was published for matrix-js-sdk (npm) Sep 16, 2025
cai0duque
Credited to cai0duque
Mattermost Missing Authorization vulnerability Moderate
CVE-2025-9076 was published for github.com/mattermost/mattermost-server (Go) Sep 15, 2025
Liferay Portal's Organization Selector exposes organization data to remote authenticated users Moderate
CVE-2025-43788 was published for com.liferay:com.liferay.organizations.item.selector.web (Maven) Sep 12, 2025
copyparty: Sharing a single file does not fully restrict access to other files in source folder Moderate
CVE-2025-58753 was published for copyparty (pip) Sep 9, 2025
TYPO3 backend modules have Broken Access Control Moderate
CVE-2025-59017 was published for typo3/cms-backend (Composer) Sep 9, 2025
Jenkins OpenTelemetry Plugin missing permission check allows capturing credentials Moderate
CVE-2025-58460 was published for io.jenkins.plugins:opentelemetry (Maven) Sep 3, 2025
Liferay Portal allows improper access through the expandoTableLocalService Moderate
CVE-2025-43773 was published for com.liferay:com.liferay.portal.workflow.kaleo.runtime.impl (Maven) Aug 29, 2025
Mattermost Confluence Plugin has Missing Authorization vulnerability Moderate
CVE-2025-53910 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Aug 11, 2025
Mattermost Confluence Plugin has Missing Authorization vulnerability Moderate
CVE-2025-54458 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Aug 11, 2025
Mattermost Confluence Plugin has Missing Authorization vulnerability Moderate
CVE-2025-8285 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Aug 11, 2025
Mattermost Confluence Plugin has Missing Authorization vulnerability Moderate
CVE-2025-48731 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Aug 11, 2025
Mattermost Confluence Plugin has Missing Authorization vulnerability Moderate
CVE-2025-44001 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Aug 11, 2025
Indico vulnerability allows attackers to bulk dump user details Moderate
CVE-2025-53640 was published for indico (pip) Jul 14, 2025
rafaelcorvino1 rildosouza
nmmorette
Credited to rafaelcorvino1, rildosouza, and nmmorette
n8n is vulnerable to Improper Authorization through its `/stop` endpoint Moderate
CVE-2025-52554 was published for n8n (npm) Jul 3, 2025
pfelilpe MarcL
LucianoSorrentino95 agustedone ffaggiani
Credited to pfelilpe, MarcL, LucianoSorrentino95, agustedone, and ffaggiani
Drupal Quick Node Block Missing Authorization vulnerability Moderate
CVE-2025-48013 was published for drupal/quick_node_block (Composer) Jun 11, 2025
Drupal Quick Node Block Missing Authorization vulnerability Moderate
CVE-2025-48444 was published for drupal/quick_node_block (Composer) Jun 11, 2025
GeoServer Missing Authorization on REST API Index Moderate
CVE-2025-27505 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
sikeoka
Credited to sikeoka
Mautic segment cloning doesn't have a proper permission check Moderate
CVE-2024-47055 was published for mautic/core (Composer) May 28, 2025
abhisekmazumdar patrykgruszka
nick-vanpraet
Credited to abhisekmazumdar, patrykgruszka, and nick-vanpraet
Jenkins Cadence vManager Plugin is Missing Permission Checks Moderate
CVE-2025-47887 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 14, 2025
XWiki missing authorization when accessing the wiki level attachments list and metadata via REST API Moderate
CVE-2025-46554 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Apr 30, 2025
LMonert
Credited to LMonert
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database