Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,698
Maven
5,000+
npm
4,325
NuGet
761
pip
4,099
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

92 advisories

Loading
Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions High
CVE-2025-59828 was published for @anthropic-ai/claude-code (npm) Sep 24, 2025
cai0duque
Credited to cai0duque
MARIN3R: Cross-Namespace Vulnerability in the Operator High
CVE-2025-64171 was published for github.com/3scale-sre/marin3r (Go) Nov 4, 2025
debuggerchen
Credited to debuggerchen
Drupal Acquia DAM allows Forceful Browsing High
CVE-2025-9954 was published for drupal/acquia_dam (Composer) Oct 30, 2025
Authentication bypass for viewing and deletions of snapshots High
CVE-2021-39226 was published for github.com/grafana/grafana (Go) Oct 5, 2021
theblackturtle
Credited to theblackturtle
Mattermost has a Missing Authorization vulnerability High
CVE-2025-58075 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
Mattermost has a Missing Authorization vulnerability High
CVE-2025-58073 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
Open WebUI Allows Arbitrary File Reading and Deletion High
CVE-2024-7043 was published for open-webui (pip) Mar 20, 2025
Flowise has unsandboxed remote code execution via Custom MCP High
GHSA-6933-jpx5-q87q was published for flowise (npm) Sep 15, 2025
assaf-levkovich-jf
Credited to assaf-levkovich-jf
Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation High
CVE-2025-57817 was published for ethyca-fides (pip) Sep 8, 2025
thabofletcher erosselli
daveqnet
Credited to thabofletcher, erosselli, and daveqnet
UnoPim has Broken Access Control High
CVE-2025-55741 was published for unopim/unopim (Composer) Aug 22, 2025
0xcharb
Credited to 0xcharb
HAX CMS API Lacks Authorization Checks High
CVE-2025-54378 was published for @haxtheweb/haxcms-nodejs (Composer) Jul 25, 2025
lfgberg
Credited to lfgberg
Backend.AI Missing Authorization vulnerability High
CVE-2025-49651 was published for backend.ai (pip) Jun 9, 2025
Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed High
CVE-2025-22235 was published for org.springframework.boot:spring-boot (Maven) Apr 28, 2025
The WikiManager REST API allows any user to create wikis High
CVE-2025-29926 was published for org.xwiki.platform:xwiki-platform-wiki-rest-default (Maven) Mar 19, 2025
Controller reconciles apps outside configured namespaces when sharding is enabled High
CVE-2023-22736 was published for github.com/argoproj/argo-cd/v2 (Go) Jan 25, 2023
czchen crenshaw-dev
Credited to czchen and crenshaw-dev
Any user with view access to the XWiki space can change the authenticator High
CVE-2025-46557 was published for org.xwiki.platform:xwiki-platform-security-authentication-ui (Maven) Apr 30, 2025
Drupal OAuth2 Server Missing Authorization vulnerability High
CVE-2025-31691 was published for drupal/oauth2_server (Composer) Apr 1, 2025
Drupal Open Social Missing Authorization vulnerability High
CVE-2025-31686 was published for goalgorilla/open_social (Composer) Apr 1, 2025
Drupal Authenticator Login Missing Authorization vulnerability High
CVE-2025-31681 was published for drupal/alogin (Composer) Apr 1, 2025
CKAN contains Improper Authentication leading to account takeover High
CVE-2022-43685 was published for ckan (pip) Nov 22, 2022
Velociraptor vulnerable to Missing Authorization High
CVE-2023-0242 was published for www.velocidex.com/golang/velociraptor (Go) Jan 18, 2023
pgadmin4 vulnerable to Code Injection High
CVE-2022-4223 was published for pgadmin4 (pip) Dec 13, 2022
Mautic vulnerable to Improper Access Control in UI upgrade process High
CVE-2022-25768 was published for mautic/core (Composer) Sep 18, 2024
mollux escopecz
patrykgruszka
Credited to mollux, escopecz, and patrykgruszka
Missing permission checks in Jenkins Chaos Monkey Plugin High
CVE-2020-2322 was published for io.jenkins.plugins:chaos-monkey (Maven) May 24, 2022
NotMyFault anonymous-nlp-student
Credited to NotMyFault and anonymous-nlp-student
Apache Airflow: Bypass permission verification to read code of other dags High
CVE-2023-50944 was published for apache-airflow (pip) Jan 24, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database