Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,556
Maven
5,000+
npm
4,228
NuGet
747
pip
4,000
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,819 advisories

Loading
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and... Moderate Unreviewed
CVE-2025-54277 was published Oct 14, 2025
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and... High Unreviewed
CVE-2025-54263 was published Oct 14, 2025
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and... Moderate Unreviewed
CVE-2025-54267 was published Oct 14, 2025
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and... Moderate Unreviewed
CVE-2025-54265 was published Oct 14, 2025
SAP S/4HANA (Manage Processing Rules - For Bank Statements) allows an authenticated attacker with... Moderate Unreviewed
CVE-2025-42939 was published Oct 14, 2025
Liferay Publications is vulnerable to Incorrect Authorization Moderate
CVE-2025-62243 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025
Ash Framework: Filter authorization misapplies impossible bypass/runtime policies High
CVE-2025-48043 was published for ash (Erlang) Oct 13, 2025
maennchen zachdaniel
Credited to maennchen and zachdaniel
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization... Moderate Unreviewed
CVE-2025-7374 was published Oct 10, 2025
GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to... High Unreviewed
CVE-2025-11340 was published Oct 9, 2025
Nagios Log Server before 2024R1.3.2 allows authenticated users (with read-only API access) to... High Unreviewed
CVE-2025-44824 was published Oct 7, 2025
An access control vulnerability was discovered in the CLI functionality due to a specific access... High Unreviewed
CVE-2025-3719 was published Oct 7, 2025
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long... Low Unreviewed
CVE-2025-59451 was published Oct 6, 2025
The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization... Moderate Unreviewed
CVE-2025-59449 was published Oct 6, 2025
OpenSupports exposes an endpoint that allows the list of 'supervised users' for any account to be... High Unreviewed
CVE-2025-10696 was published Oct 3, 2025
A regular Zabbix user can search other users in their user group via Zabbix API by select fields... Low Unreviewed
CVE-2025-27236 was published Oct 3, 2025
A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call... Moderate Unreviewed
CVE-2025-49641 was published Oct 3, 2025
Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to... Low Unreviewed
CVE-2025-11239 was published Oct 2, 2025
VMware Tools for Windows contains an improper authorisation vulnerability due to the way it... High Unreviewed
CVE-2025-41246 was published Sep 29, 2025
Duplicate Advisory: SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions Moderate
GHSA-98f8-j56x-2hh4 was published for surrealdb (Rust) Sep 26, 2025 withdrawn
Rancher update on users can deny the service to the admin High
CVE-2024-58260 was published for github.com/rancher/rancher (Go) Sep 26, 2025
Omni Wireguard SideroLink potential escape Low
CVE-2025-59824 was published for github.com/siderolabs/omni (Go) Sep 24, 2025
smira Unix4ever
Credited to smira and Unix4ever
Liferay Portal and DXP does not properly check permission with import and export tasks Moderate
CVE-2025-43806 was published for com.liferay:com.liferay.batch.engine.service (Maven) Sep 23, 2025
Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass) High
CVE-2025-59420 was published for authlib (pip) Sep 22, 2025
AL-Cybision
Credited to AL-Cybision
In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can... Moderate Unreviewed
CVE-2025-59714 was published Sep 19, 2025
The Sparkle framework includes an XPC service Downloader.xpc, by default this service is private... Moderate Unreviewed
CVE-2025-10015 was published Sep 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database