Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,318
Maven
5,000+
npm
3,950
NuGet
711
pip
3,730
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

456 advisories

Loading
Moodle allows users to retrieve information they did not have permission to access Moderate
CVE-2024-45689 was published for moodle/moodle (Composer) Nov 20, 2024
MantisBT Missing Authorization access check in bug_actiongroup.php Moderate
CVE-2020-29604 was published for mantisbt/mantisbt (Composer) May 24, 2022
Lack of authentication mechanism in Jenkins DotCi Plugin webhook Moderate
CVE-2022-41238 was published for com.groupon.jenkins-ci.plugins:DotCi (Maven) Sep 22, 2022
NotMyFault
Mautic segment cloning doesn't have a proper permission check Moderate
CVE-2024-47055 was published for mautic/core (Composer) May 28, 2025
abhisekmazumdar patrykgruszka
nick-vanpraet
Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed High
CVE-2025-22235 was published for org.springframework.boot:spring-boot (Maven) Apr 28, 2025
Jenkins Cadence vManager Plugin is Missing Permission Checks Moderate
CVE-2025-47887 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 14, 2025
The WikiManager REST API allows any user to create wikis High
CVE-2025-29926 was published for org.xwiki.platform:xwiki-platform-wiki-rest-default (Maven) Mar 19, 2025
Controller reconciles apps outside configured namespaces when sharding is enabled High
CVE-2023-22736 was published for github.com/argoproj/argo-cd/v2 (Go) Jan 25, 2023
czchen crenshaw-dev
Apache Airflow: DAG Code and Import Error Permissions Ignored Moderate
CVE-2024-27906 was published for apache-airflow (pip) Feb 29, 2024
oscerd sunSUNQ
XWiki missing authorization when accessing the wiki level attachments list and metadata via REST API Moderate
CVE-2025-46554 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Apr 30, 2025
LMonert
Any user with view access to the XWiki space can change the authenticator High
CVE-2025-46557 was published for org.xwiki.platform:xwiki-platform-security-authentication-ui (Maven) Apr 30, 2025
Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs Moderate
CVE-2022-45390 was published for io.loader:loaderio-jenkins-plugin (Maven) Nov 16, 2022
NotMyFault
org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right Critical
CVE-2025-32973 was published for org.xwiki.platform:xwiki-platform-component-wiki (Maven) Apr 29, 2025
YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download Critical
CVE-2025-46348 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
pizza-power
Drupal OAuth2 Server Missing Authorization vulnerability High
CVE-2025-31691 was published for drupal/oauth2_server (Composer) Apr 1, 2025
Drupal Open Social Missing Authorization vulnerability High
CVE-2025-31686 was published for goalgorilla/open_social (Composer) Apr 1, 2025
Drupal Open Social Missing Authorization vulnerability Moderate
CVE-2025-31685 was published for goalgorilla/open_social (Composer) Apr 1, 2025
Drupal Authenticator Login Missing Authorization vulnerability High
CVE-2025-31681 was published for drupal/alogin (Composer) Apr 1, 2025
Drupal AI Missing Authorization vulnerability Moderate
CVE-2025-31678 was published for drupal/ai (Composer) Apr 1, 2025
CKAN contains Improper Authentication leading to account takeover High
CVE-2022-43685 was published for ckan (pip) Nov 22, 2022
Moodle shows hidden grades to users without permission on some grade reports Moderate
CVE-2025-32045 was published for moodle/moodle (Composer) Apr 25, 2025
Juju uses a UNIX domain socket without setting appropriate permissions Critical
CVE-2017-9232 was published for github.com/juju/juju (Go) May 13, 2022
TYPO3 femanager extension allows remote frontend users to modify or delete records of other frontend users Moderate
CVE-2014-6292 was published for in2code/femanager (Composer) May 13, 2022
OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests Moderate
CVE-2014-0167 was published for nova (pip) May 17, 2022
Apache Archiva does not require entry of the administrator's password at the time of modifying a user account Moderate
CVE-2010-4408 was published for org.apache.archiva:archiva (Maven) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database