Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

455 advisories

Loading
Mautic segment cloning doesn't have a proper permission check Moderate
CVE-2024-47055 was published for mautic/core (Composer) May 28, 2025
abhisekmazumdar patrykgruszka
nick-vanpraet
Jenkins Cadence vManager Plugin is Missing Permission Checks Moderate
CVE-2025-47887 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 14, 2025
Any user with view access to the XWiki space can change the authenticator High
CVE-2025-46557 was published for org.xwiki.platform:xwiki-platform-security-authentication-ui (Maven) Apr 30, 2025
XWiki missing authorization when accessing the wiki level attachments list and metadata via REST API Moderate
CVE-2025-46554 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Apr 30, 2025
LMonert
YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download Critical
CVE-2025-46348 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
pizza-power
org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right Critical
CVE-2025-32973 was published for org.xwiki.platform:xwiki-platform-component-wiki (Maven) Apr 29, 2025
Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed High
CVE-2025-22235 was published for org.springframework.boot:spring-boot (Maven) Apr 28, 2025
Moodle shows hidden grades to users without permission on some grade reports Moderate
CVE-2025-32045 was published for moodle/moodle (Composer) Apr 25, 2025
Jenkins Missing Permission Check Moderate
CVE-2025-31721 was published for org.jenkins-ci.main:jenkins-core (Maven) Apr 2, 2025
Jenkins Missing Permission Check Moderate
CVE-2025-31720 was published for org.jenkins-ci.main:jenkins-core (Maven) Apr 2, 2025
Drupal OAuth2 Server Missing Authorization vulnerability High
CVE-2025-31691 was published for drupal/oauth2_server (Composer) Apr 1, 2025
Drupal Authenticator Login Missing Authorization vulnerability High
CVE-2025-31681 was published for drupal/alogin (Composer) Apr 1, 2025
Drupal Open Social Missing Authorization vulnerability High
CVE-2025-31686 was published for goalgorilla/open_social (Composer) Apr 1, 2025
Drupal Open Social Missing Authorization vulnerability Moderate
CVE-2025-31685 was published for goalgorilla/open_social (Composer) Apr 1, 2025
Drupal AI Missing Authorization vulnerability Moderate
CVE-2025-31678 was published for drupal/ai (Composer) Apr 1, 2025
The WikiManager REST API allows any user to create wikis High
CVE-2025-29926 was published for org.xwiki.platform:xwiki-platform-wiki-rest-default (Maven) Mar 19, 2025
Leantime has Missing Authorization Check for Host Parameter Low
GHSA-3hfj-qcvj-4hx8 was published for leantime/leantime (Composer) Feb 21, 2025
harshilsecurify
Missing permission checks in Jenkins Azure Service Fabric Plugin Moderate
CVE-2025-24403 was published for org.jenkins-ci.plugins:service-fabric (Maven) Jan 22, 2025
Indico Insecure Access Moderate
CVE-2024-50633 was published for indico (pip) Jan 16, 2025
XWiki Realtime WYSIWYG Editor extension allows privilege escalation (PR) through realtime WYSIWYG editing Critical
CVE-2025-23025 was published for org.xwiki.platform:xwiki-platform-realtime-wysiwyg-ui (Maven) Jan 14, 2025
Apache NiFi: Missing Complete Authorization for Parameter and Service References Low
CVE-2024-56512 was published for org.apache.nifi:nifi-web-api (Maven) Dec 28, 2024
exceptionfactory
XWiki's scheduler in subwiki allows scheduling operations for any main wiki user Moderate
CVE-2024-55876 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Dec 12, 2024
XWiki allows RCE from script right in configurable sections Critical
CVE-2024-55879 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Dec 12, 2024
Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges Moderate
CVE-2024-52529 was published for github.com/cilium/cilium (Go) Nov 25, 2024
moodle: Some users can delete audiences of other reports Moderate
CVE-2024-48898 was published for moodle/moodle (Composer) Nov 18, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database