Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,701
Maven
5,000+
npm
4,328
NuGet
761
pip
4,103
Pub
12
RubyGems
958
Rust
1,064
Swift
45
Unreviewed advisories
All unreviewed
5,000+

29 advisories

Loading
A vulnerability was identified in fushengqian fuint up to... Low Unreviewed
CVE-2025-12623 was published Nov 3, 2025
The Password Protected plugin for WordPress is vulnerable to authorization bypass via IP address... Low Unreviewed
CVE-2025-11244 was published Oct 25, 2025
kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace Low
GHSA-q6hv-wcjr-wp8h was published for github.com/kcp-dev/kcp (Go) Sep 26, 2025
SimonTheLeg embik
Credited to SimonTheLeg and embik
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of... Low Unreviewed
CVE-2025-4654 was published Jul 2, 2025
The lesscss script service allows cache clearing without programming right Low
CVE-2025-32972 was published for org.xwiki.platform:xwiki-platform-lesscss-script (Maven) Apr 29, 2025
Improper authorization in application password policy in Devolutions Remote Desktop Manager on... Low Unreviewed
CVE-2025-2528 was published Mar 26, 2025
There is an improper authorization vulnerability in some Huawei smartphones. An attacker could... Low Unreviewed
CVE-2020-9081 was published Dec 27, 2024
Access permission verification vulnerability in the Notepad module Impact: Successful... Low Unreviewed
CVE-2024-42036 was published Aug 8, 2024
OpenSearch Observability does not properly restrict access to private tenant resources Low
CVE-2024-39901 was published for org.opensearch.plugin:opensearch-observability (Maven) Jul 10, 2024
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims Low
CVE-2024-5798 was published for github.com/hashicorp/vault (Go) Jun 12, 2024
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline Low
CVE-2024-30260 was published for undici (npm) Apr 4, 2024
The Gotham video-application-server service contained a race condition which would cause it to... Low Unreviewed
CVE-2023-30954 was published Nov 15, 2023
Sensitive information disclosure and manipulation due to improper authorization. The following... Low Unreviewed
CVE-2023-44154 was published Sep 27, 2023
An attacker with local access to the machine could record the traffic, which could allow them... Low Unreviewed
CVE-2023-24476 was published Jun 8, 2023
A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to... Low Unreviewed
CVE-2022-4062 was published Feb 1, 2023
Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows... Low Unreviewed
CVE-2022-39879 was published Nov 10, 2022
Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical... Low Unreviewed
CVE-2022-36876 was published Sep 10, 2022
Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows... Low Unreviewed
CVE-2022-36857 was published Sep 10, 2022
Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local... Low Unreviewed
CVE-2022-36852 was published Sep 10, 2022
Information exposure in Calendar prior to version 12.3.05.10000 allows attacker to access... Low Unreviewed
CVE-2022-33705 was published Jul 13, 2022
Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain... Low Unreviewed
CVE-2022-30757 was published Jul 13, 2022
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is... Low Unreviewed
CVE-2021-28626 was published May 24, 2022
Magento incorrect user permissions vulnerability within the Inventory component Low
CVE-2020-24403 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition vulnerable to Improper Authorization Low
CVE-2020-24404 was published for magento/community-edition (Composer) May 24, 2022
cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). Low Unreviewed
CVE-2018-20927 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database