Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,081
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

368 advisories

Loading
XWiki view file macro: User can view content of office file without view rights on the attachment Moderate
CVE-2025-65089 was published for com.xwiki.pro:xwiki-pro-macros-ui (Maven) Nov 18, 2025
kgateway is missing xDS authorization Moderate
CVE-2025-64323 was published for github.com/kgateway-dev/kgateway/v2 (Go) Nov 4, 2025
rikatz
Credited to rikatz
lakeFS affected by unauthenticated access to API usage metrics Moderate
CVE-2025-64179 was published for github.com/treeverse/lakefs (Go) Nov 3, 2025
arielshaqed nopcoder
Credited to arielshaqed and nopcoder
Jenkins Publish to Bitbucket Plugin is missing a permissions check Moderate
CVE-2025-64150 was published for org.jenkins-ci.plugins:publish-to-bitbucket (Maven) Oct 29, 2025
Jenkins Publish to Bitbucket Plugin is missing a permissions check Moderate
CVE-2025-64148 was published for org.jenkins-ci.plugins:publish-to-bitbucket (Maven) Oct 29, 2025
Jenkins Nexus Task Runner Plugin is missing a permission check Moderate
CVE-2025-64142 was published for org.jenkins-ci.plugins:nexus-task-runner (Maven) Oct 29, 2025
Jenkins MCP Server Plugin does not perform permission checks in multiple MCP tools Moderate
CVE-2025-64132 was published for io.jenkins.plugins:mcp-server (Maven) Oct 29, 2025
Jenkins Themis Plugin is missing a permission check Moderate
CVE-2025-64137 was published for org.jenkins-ci.plugins:themis (Maven) Oct 29, 2025
Jenkins Start Windocks Containers Plugin is missing a permission check Moderate
CVE-2025-64139 was published for org.jenkins-ci.plugins:windocks-start-container (Maven) Oct 29, 2025
Liferay Portal and DXP do not properly restrict access to OpenAPI Moderate
CVE-2025-62256 was published for com.liferay:com.liferay.portal.security.auth.verifier (Maven) Oct 23, 2025
Shopware Customer Orders can be canceled, even if refunds are disabled Moderate
GHSA-r2vg-hvjm-fg38 was published for shopware/core (Composer) Oct 21, 2025
aragon999
Credited to aragon999
Mattermost has a Missing Authorization vulnerability Moderate
CVE-2025-41443 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
Mattermost has a Missing Authorization vulnerability Moderate
CVE-2025-41410 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
PowerJob OpenAPIController is missing authorization Moderate
CVE-2025-11581 was published for tech.powerjob:powerjob-server-starter (Maven) Oct 10, 2025
Jenkins is missing a permission check in the authenticated users' profile menu Moderate
CVE-2025-59475 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 17, 2025
Jenkins has a missing permission check, allowing users to obtain agent names Moderate
CVE-2025-59474 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 17, 2025
Liferay Portal allows remote attackers to view display page templates via crafted URLs Moderate
CVE-2025-43805 was published for com.liferay:com.liferay.asset.display.page.service (Maven) Sep 17, 2025
matrix-js-sdk has insufficient validation when considering a room to be upgraded by another Moderate
CVE-2025-59160 was published for matrix-js-sdk (npm) Sep 16, 2025
cai0duque
Credited to cai0duque
Mattermost Missing Authorization vulnerability Moderate
CVE-2025-9076 was published for github.com/mattermost/mattermost-server (Go) Sep 15, 2025
Liferay Portal's Organization Selector exposes organization data to remote authenticated users Moderate
CVE-2025-43788 was published for com.liferay:com.liferay.organizations.item.selector.web (Maven) Sep 12, 2025
copyparty: Sharing a single file does not fully restrict access to other files in source folder Moderate
CVE-2025-58753 was published for copyparty (pip) Sep 9, 2025
TYPO3 backend modules have Broken Access Control Moderate
CVE-2025-59017 was published for typo3/cms-backend (Composer) Sep 9, 2025
Jenkins OpenTelemetry Plugin missing permission check allows capturing credentials Moderate
CVE-2025-58460 was published for io.jenkins.plugins:opentelemetry (Maven) Sep 3, 2025
Liferay Portal allows improper access through the expandoTableLocalService Moderate
CVE-2025-43773 was published for com.liferay:com.liferay.portal.workflow.kaleo.runtime.impl (Maven) Aug 29, 2025
Mattermost Confluence Plugin has Missing Authorization vulnerability Moderate
CVE-2025-8285 was published for github.com/mattermost/mattermost-plugin-confluence (Go) Aug 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database