GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,073 advisories
Terraform state versions can be created by a user with specific but insufficient permissions in a...
Moderate | Unreviewed | CVE-2025-13432 was published Nov 21, 2025
LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If...
Moderate | Unreviewed | CVE-2025-62189 was published Nov 21, 2025
Windu CMS is vulnerable to Broken Access Control in user editing functionality. Malicious...
Moderate | Unreviewed | CVE-2025-59111 was published Nov 18, 2025
An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4...
Moderate | Unreviewed | CVE-2025-11865 was published Nov 15, 2025
The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-12621 was published Nov 8, 2025
An issue was discovered in rymcu forest thru commit f782e85 (2025-09-04) in function doBefore in...
Moderate | Unreviewed | CVE-2025-63687 was published Nov 7, 2025
An authentication issue was addressed with improved state management. This issue is fixed in...
Moderate | Unreviewed | CVE-2025-43459 was published Nov 4, 2025
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS...
Moderate | Unreviewed | CVE-2025-43397 was published Nov 4, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
Moderate | Unreviewed | CVE-2025-43336 was published Nov 4, 2025
The Folderly plugin for WordPress is vulnerable to unauthorized modification of data due to an...
Moderate | Unreviewed | CVE-2025-12038 was published Nov 1, 2025
GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4...
Moderate | Unreviewed | CVE-2025-11971 was published Oct 27, 2025
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not...
Moderate | Unreviewed | CVE-2025-62651 was published Oct 17, 2025
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote...
Moderate | Unreviewed | CVE-2025-62648 was published Oct 17, 2025
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the...
Moderate | Unreviewed | CVE-2025-62647 was published Oct 17, 2025
An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to...
Moderate | Unreviewed | CVE-2025-9955 was published Oct 16, 2025
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and...
Moderate | Unreviewed | CVE-2025-54277 was published Oct 14, 2025
SAP S/4HANA (Manage Processing Rules - For Bank Statements) allows an authenticated attacker with...
Moderate | Unreviewed | CVE-2025-42939 was published Oct 14, 2025
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization...
Moderate | Unreviewed | CVE-2025-7374 was published Oct 10, 2025
The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization...
Moderate | Unreviewed | CVE-2025-59449 was published Oct 6, 2025
A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call...
Moderate | Unreviewed | CVE-2025-49641 was published Oct 3, 2025
In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can...
Moderate | Unreviewed | CVE-2025-59714 was published Sep 19, 2025
The Sparkle framework includes an XPC service Downloader.xpc, by default this service is private...
Moderate | Unreviewed | CVE-2025-10015 was published Sep 16, 2025
This issue was addressed with improved checks to prevent unauthorized actions. This issue is...
Moderate | Unreviewed | CVE-2025-43307 was published Sep 16, 2025
This issue was addressed with improved URL validation. This issue is fixed in Safari 26, iOS 26...
Moderate | Unreviewed | CVE-2025-31254 was published Sep 16, 2025
Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated...
Moderate | Unreviewed | CVE-2025-58134 was published Sep 10, 2025