GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
278 advisories
Redis Enterprise Elevation of Privilege Vulnerability
High | Unreviewed | CVE-2025-59271 was published on Oct 9, 2025

Improper Authentication, Missing Authentication for Critical Function, Improper Authorization...
High | Unreviewed | CVE-2024-7015 was published on Sep 9, 2024

Casdoor is vulnerable to Improper Authorization
High | CVE-2025-61524 was published for github.com/casdoor/casdoor (Go) on Oct 8, 2025

The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main'...
High | Unreviewed | CVE-2024-4254 was published on Jun 4, 2024

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover...
High | Unreviewed | CVE-2024-12880 was published on Mar 20, 2025

In lunary-ai/lunary before version 1.4.26, the checklists.post() endpoint allows users to create...
High | Unreviewed | CVE-2024-9000 was published on Mar 20, 2025

In lunary-ai/lunary version 1.4.28, the /checklists/:id route allows low-privilege users to...
High | Unreviewed | CVE-2024-9096 was published on Mar 20, 2025

A vulnerability in lunary-ai/lunary, as of commit be54057, allows users to upload and execute...
High | Unreviewed | CVE-2024-8764 was published on Mar 20, 2025

LiteLLM Has an Improper Authorization Vulnerability
High | CVE-2025-0628 was published for litellm (pip) on Mar 20, 2025

Mautic allows Improper Authorization in Reporting API
High | CVE-2024-47053 was published for mautic/core (Composer) on Feb 26, 2025

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5...
High | Unreviewed | CVE-2018-13382 was published on May 24, 2022

Magento Improper Authorization leading to security feature bypass
High | CVE-2025-43585 was published for magento/community-edition (Composer) on Jun 10, 2025

Hono Improper Authorization vulnerability
High | CVE-2025-62610 was published for hono (npm) on Oct 22, 2025

A race condition flaw was found in sssd where the GPO policy is not consistently applied for...
High | Unreviewed | CVE-2023-3758 was published on Apr 18, 2024

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5. An...
High | Unreviewed | CVE-2025-31249 was published on May 13, 2025

The issue was addressed with improved restriction of data container access. This issue is fixed...
High | Unreviewed | CVE-2024-40783 was published on Jul 30, 2024

A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight...
High | Unreviewed | CVE-2023-47166 was published on May 1, 2024

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in...
High | Unreviewed | CVE-2024-40814 was published on Jul 30, 2024

Magento improper authorization vulnerability
High | CVE-2021-36029 was published for magento/community-edition (Composer) on May 24, 2022

The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is...
High | Unreviewed | CVE-2025-4519 was published on Nov 7, 2025

The Astra Security Suite – Firewall & Malware Scan plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-11521 was published on Nov 11, 2025

File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function
High | CVE-2025-64523 was published for github.com/filebrowser/filebrowser (Go) on Nov 13, 2025

Juju allows arbitrary executable uploads via authenticated endpoint without authorization
High | CVE-2025-0928 was published for github.com/juju/juju (Go) on Jul 9, 2025

Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized...
High | Unreviewed | CVE-2025-64655 was published on Nov 21, 2025

The Primakon Pi Portal 1.0.18 /api/V2/pp_users?email endpoint is used for user data filtering but...
High | Unreviewed | CVE-2025-64062 was published on Nov 25, 2025