Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,081
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,039 advisories

Loading
SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with... High Unreviewed
CVE-2025-62730 was published Nov 20, 2025
OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization. High
CVE-2025-65073 was published for keystone (pip) Nov 17, 2025
Apollo Federation has Improper Enforcement of Access Control on Transitive Fields High
GHSA-m8jr-fxqx-8xx6 was published for @apollo/composition (npm) Nov 14, 2025
dariuszkuc
Credited to dariuszkuc
Fujitsu iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is... High Unreviewed
CVE-2025-65002 was published Nov 12, 2025
Adobe Pass versions 3.7.3 and earlier are affected by an Incorrect Authorization vulnerability.... High Unreviewed
CVE-2025-61830 was published Nov 11, 2025
A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users... High Unreviewed
CVE-2025-11862 was published Nov 11, 2025
Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the... High Unreviewed
CVE-2025-37736 was published Nov 8, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... High Unreviewed
CVE-2025-43387 was published Nov 4, 2025
Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability... High Unreviewed
CVE-2025-34273 was published Oct 31, 2025
Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability.... High Unreviewed
CVE-2023-7322 was published Oct 31, 2025
Drupal CivicTheme Design System allows Forceful Browsing High
CVE-2025-12082 was published for drupal/civictheme (Composer) Oct 30, 2025
OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method High
CVE-2025-59048 was published for github.com/openbao/openbao-plugins (Go) Oct 23, 2025
pkarakal
Credited to pkarakal
Ash has authorization bypass when bypass policy condition evaluates to true High
CVE-2025-48044 was published for ash (Erlang) Oct 17, 2025
jechol maennchen
zachdaniel
Credited to jechol, maennchen, and zachdaniel
An Incorrect Authorization vulnerability has been identified in Moxa’s network security... High Unreviewed
CVE-2025-6892 was published Oct 17, 2025
MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service Accounts and STS High
CVE-2025-62506 was published for github.com/minio/minio (Go) Oct 16, 2025
donatello SimeonPoot
Credited to donatello and SimeonPoot
Magento provides incorrect authorization through a security feature bypass High
CVE-2025-54263 was published for magento/community-edition (Composer) Oct 14, 2025
Ash Framework: Filter authorization misapplies impossible bypass/runtime policies High
CVE-2025-48043 was published for ash (Erlang) Oct 13, 2025
maennchen zachdaniel
Credited to maennchen and zachdaniel
GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to... High Unreviewed
CVE-2025-11340 was published Oct 9, 2025
Nagios Log Server before 2024R1.3.2 allows authenticated users (with read-only API access) to... High Unreviewed
CVE-2025-44824 was published Oct 7, 2025
An access control vulnerability was discovered in the CLI functionality due to a specific access... High Unreviewed
CVE-2025-3719 was published Oct 7, 2025
OpenSupports exposes an endpoint that allows the list of 'supervised users' for any account to be... High Unreviewed
CVE-2025-10696 was published Oct 3, 2025
VMware Tools for Windows contains an improper authorisation vulnerability due to the way it... High Unreviewed
CVE-2025-41246 was published Sep 29, 2025
Rancher update on users can deny the service to the admin High
CVE-2024-58260 was published for github.com/rancher/rancher (Go) Sep 26, 2025
Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass) High
CVE-2025-59420 was published for authlib (pip) Sep 22, 2025
AL-Cybision
Credited to AL-Cybision
Spring Framework annotation detection mechanism may result in improper authorization High
CVE-2025-41249 was published for org.springframework:spring-core (Maven) Sep 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database