Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,744
Maven
5,000+
npm
4,341
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,891 advisories

Loading
Improper Request Caching Lookup in the Auth0 Next.js SDK Moderate
CVE-2025-67490 was published for @auth0/nextjs-auth0 (npm) Dec 10, 2025
MegaManSec
Credited to MegaManSec
Unprotected service in the AudioLink component allows a local attacker to overwrite system files... Moderate Unreviewed
CVE-2025-9056 was published Dec 10, 2025
An Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4.0 through 7.4.5 may allow... Moderate Unreviewed
CVE-2025-54838 was published Dec 9, 2025
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4).... Moderate Unreviewed
CVE-2025-40819 was published Dec 9, 2025
Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands High
CVE-2025-66623 was published for io.strimzi:strimzi (Maven) Dec 5, 2025
scholzj ppatierno
im-konge
Credited to scholzj, ppatierno, and im-konge
Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth... Moderate Unreviewed
CVE-2025-65900 was published Dec 5, 2025
In Splunk MCP Server app versions below 0.2.4, a user with access to the "run_splunk_query" Model... Moderate Unreviewed
CVE-2025-20381 was published Dec 3, 2025
step-ca Has Improper Authorization Check for SSH Certificate Revocation Moderate
CVE-2025-66406 was published for github.com/smallstep/certificates (Go) Dec 3, 2025
Mattermost fails to validate user permissions when deleting comments in Boards Moderate
CVE-2025-12756 was published for github.com/mattermost/mattermost (Go) Dec 1, 2025
Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in... High Unreviewed
CVE-2025-13829 was published Dec 1, 2025
HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on... Moderate Unreviewed
CVE-2025-66433 was published Nov 30, 2025
trytond does not enforce access rights for the route of the HTML editor. High
CVE-2025-66423 was published for trytond (pip) Nov 30, 2025
trytond does not enforce access rights for data export Moderate
CVE-2025-66424 was published for trytond (pip) Nov 30, 2025
An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy... Moderate Unreviewed
CVE-2025-66360 was published Nov 28, 2025
The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager... Moderate Unreviewed
CVE-2025-12971 was published Nov 27, 2025
The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to... Critical Unreviewed
CVE-2024-5539 was published Nov 27, 2025
Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and... Critical Unreviewed
CVE-2025-55469 was published Nov 26, 2025
OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation Moderate
CVE-2025-66028 was published for @oneuptime/common (npm) Nov 25, 2025
SamirWaleed
Credited to SamirWaleed
Terraform state versions can be created by a user with specific but insufficient permissions in a... Moderate Unreviewed
CVE-2025-13432 was published Nov 21, 2025
LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If... Moderate Unreviewed
CVE-2025-62189 was published Nov 21, 2025
SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with... High Unreviewed
CVE-2025-62730 was published Nov 20, 2025
Windu CMS is vulnerable to Broken Access Control in user editing functionality. Malicious... Moderate Unreviewed
CVE-2025-59111 was published Nov 18, 2025
Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows... Critical Unreviewed
CVE-2025-41346 was published Nov 18, 2025
OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization. High
CVE-2025-65073 was published for keystone (pip) Nov 17, 2025
An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4... Moderate Unreviewed
CVE-2025-11865 was published Nov 15, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database