Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,652
Erlang
34
GitHub Actions
26
Go
2,257
Maven
5,000+
npm
3,909
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,597 advisories

Loading
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-3861 was published Apr 25, 2025
In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new... Moderate Unreviewed
CVE-2025-46544 was published Apr 25, 2025
Mattermost Playbooks fails to properly validate permissions Low
CVE-2025-41423 was published for github.com/mattermost/mattermost-plugin-playbooks (Go) Apr 24, 2025
A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive... Moderate Unreviewed
CVE-2024-10306 was published Apr 23, 2025
The FileWave Windows client before 16.0.0, in some non-default configurations, allows an... High Unreviewed
CVE-2025-43922 was published Apr 21, 2025
Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux... Moderate Unreviewed
CVE-2024-12862 was published Apr 21, 2025
In Soffid Console 3.5.38 before 3.5.39, necessary checks were not applied to some Java objects. A... High Unreviewed
CVE-2025-32408 was published Apr 21, 2025
GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create... Moderate Unreviewed
CVE-2025-43921 was published Apr 20, 2025
In Pritunl Client before 1.3.4220.57, an administrator with access to /Applications can escalate... High Unreviewed
CVE-2025-43917 was published Apr 19, 2025
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated... Moderate Unreviewed
CVE-2024-49808 was published Apr 18, 2025
The Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products –... Moderate Unreviewed
CVE-2025-3453 was published Apr 17, 2025
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2025-2564 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2025-27571 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
kbsteere
Mattermost Incorrect Authorization vulnerability Low
CVE-2025-24839 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 16, 2025
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported... Low Unreviewed
CVE-2025-30703 was published Apr 15, 2025
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite ... Moderate Unreviewed
CVE-2025-21582 was published Apr 15, 2025
Mattermost Incorrect Authorization vulnerability Low
CVE-2025-2424 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 14, 2025
Mattermost Fails to Restrict Certain Operations on System Admins Moderate
CVE-2025-32093 was published for github.com/mattermost/mattermost-server (Go) Apr 14, 2025
Incorrect Authorization vulnerability in The Wikimedia Foundation Mediawiki - OAuth Extension... Critical Unreviewed
CVE-2025-32068 was published Apr 11, 2025
Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint Low
CVE-2025-24866 was published for github.com/mattermost/mattermost/server/v8 (Go) Apr 10, 2025
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization... High Unreviewed
CVE-2025-26330 was published Apr 10, 2025
tendermint-rs's Light Client Verifier allows malicious validators to spoof votes from other validators High
GHSA-6jrf-4jv4-r9mw was published for tendermint-light-client-verifier (Rust) Apr 9, 2025
felix-asym
SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions... Moderate Unreviewed
CVE-2025-31331 was published Apr 8, 2025
GraphQL query operations security can be bypassed High
CVE-2025-31481 was published for api-platform/core (Composer) Apr 4, 2025
soyuka ausi
alanpoulain
Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during the loading of... Critical Unreviewed
CVE-2024-38392 was published Apr 2, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database