
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

255 advisories

OpenFGA Improper Policy Enforcement Moderate
CVE-2025-64751 was published for github.com/openfga/openfga (Go) Nov 20, 2025
OneUptime Unauthorized User Creation via API High
CVE-2025-65966 was published for @oneuptime/common (npm) Nov 26, 2025
Credited to SamirWaleed
Juju allows arbitrary executable uploads via authenticated endpoint without authorization High
CVE-2025-0928 was published for github.com/juju/juju (Go) Jul 9, 2025
Credited to tlm, wallyworld, hpidcock, Fedqys, and setharnold
MantisBT unauthorized disclosure of private project column configuration Moderate
CVE-2025-62520 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
Credited to jrckmcsb, atrol, and dregad
File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function High
CVE-2025-64523 was published for github.com/filebrowser/filebrowser (Go) Nov 13, 2025
Credited to bbodisteanu-hacken and hacdias
Magento is affected by an improper authorization vulnerability Moderate
CVE-2021-36037 was published for magento/community-edition (Composer) May 24, 2022
Magento improper authorization vulnerability High
CVE-2021-36029 was published for magento/community-edition (Composer) May 24, 2022
Magento Improper Authorization vulnerability Moderate
CVE-2024-39405 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization vulnerability Moderate
CVE-2024-39404 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization vulnerability Moderate
CVE-2024-39418 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization vulnerability Moderate
CVE-2024-39413 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization vulnerability Moderate
CVE-2024-39407 was published for magento/community-edition (Composer) Aug 14, 2024
Moodle has a time restriction bypass Moderate
CVE-2025-62401 was published for moodle/moodle (Composer) Oct 23, 2025
Magento Improper Access Control Leads to Privilege escalation Moderate
CVE-2024-39419 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization leads to Security feature bypass Moderate
CVE-2024-39417 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization leads to Security feature bypass Moderate
CVE-2024-39416 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization Leading to Security feature bypass Moderate
CVE-2024-39415 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization leads to security feature bypass Moderate
CVE-2024-39411 was published for magento/community-edition (Composer) Aug 14, 2024
Credited to SimonTheLeg and embik
XWiki OIDC Authenticator: Users with "view" access can create tokens for any users they can view Critical
CVE-2025-49594 was published for org.xwiki.contrib.oidc:oidc-authenticator (Maven) Oct 6, 2025
Hono Improper Authorization vulnerability High
CVE-2025-62610 was published for hono (npm) Oct 22, 2025
Credited to okazu-dm
Magento Improper Authorization leading to security feature bypass High
CVE-2025-43585 was published for magento/community-edition (Composer) Jun 10, 2025
Mautic allows Improper Authorization in Reporting API High
CVE-2024-47053 was published for mautic/core (Composer) Feb 26, 2025
Credited to escopecz and patrykgruszka