Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,829
Erlang
36
GitHub Actions
33
Go
2,446
Maven
5,000+
npm
4,065
NuGet
723
pip
3,866
Pub
12
RubyGems
943
Rust
1,009
Swift
39
Unreviewed advisories
All unreviewed
5,000+

322 advisories

Loading
Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions Critical
CVE-2024-38002 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 22, 2024
Cryptographic issue occurs due to use of insecure connection method while downloading. Critical Unreviewed
CVE-2025-21450 was published Jul 8, 2025
An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud... Critical Unreviewed
CVE-2025-29757 was published Jul 19, 2025
XWiki Rendering is vulnerable to RCE attacks when processing nested macros Critical
CVE-2025-53836 was published for org.xwiki.rendering:xwiki-rendering-transformation-macro (Maven) Jul 14, 2025
renniepak
Incorrect Authorization vulnerability in The Wikimedia Foundation Mediawiki - OAuth Extension... Critical Unreviewed
CVE-2025-32068 was published Apr 11, 2025
The agent in Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1... Critical Unreviewed
CVE-2025-26850 was published Jul 5, 2025
Improper Authentication vulnerability in Apache Solr Critical
CVE-2024-45216 was published for org.apache.solr:solr (Maven) Oct 16, 2024
The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has... Critical Unreviewed
CVE-2025-53391 was published Jun 29, 2025
Teleport allows remote authentication bypass Critical
CVE-2025-49825 was published for github.com/gravitational/teleport (Go) Jun 16, 2025
An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote... Critical Unreviewed
CVE-2025-48757 was published May 30, 2025
Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges... Critical Unreviewed
CVE-2025-29827 was published May 9, 2025
In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission... Critical Unreviewed
CVE-2025-20674 was published Jun 2, 2025
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for... Critical Unreviewed
CVE-2022-28321 was published Sep 20, 2022
An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic... Critical Unreviewed
CVE-2024-6914 was published May 22, 2025
In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null... Critical Unreviewed
CVE-2022-2778 was published Oct 1, 2022
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access... Critical Unreviewed
CVE-2025-43564 was published May 13, 2025
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect... Critical Unreviewed
CVE-2025-43561 was published May 13, 2025
In Delinea PAM Secret Server 11.4, it is possible for a user (with access to the Report... Critical Unreviewed
CVE-2024-25652 was published Mar 14, 2024
On an F5OS system, if the root user had previously configured the system to allow login via SSH... Critical Unreviewed
CVE-2025-36546 was published May 8, 2025
Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability... Critical Unreviewed
CVE-2025-3476 was published May 7, 2025
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An... Critical Unreviewed
CVE-2023-34051 was published Oct 20, 2023
XWiki allows remote code execution through the extension sheet Critical
CVE-2024-55662 was published for org.xwiki.platform:xwiki-platform-repository-server-ui (Maven) Dec 12, 2024
Carel Boss Mini 1.5.0 has Improper Access Control. Critical Unreviewed
CVE-2022-34827 was published Nov 19, 2022
The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated... Critical Unreviewed
CVE-2022-41326 was published Nov 22, 2022
Bookgy does not provide for proper authorisation control in multiple areas of the application.... Critical Unreviewed
CVE-2025-40619 was published Apr 29, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database