Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

280 advisories

Loading
OpenFGA Authorization Bypass Moderate
CVE-2025-25196 was published for github.com/openfga/openfga (Go) Feb 19, 2025
The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet... Moderate Unreviewed
CVE-2024-13692 was published Feb 14, 2025
The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation... Moderate Unreviewed
CVE-2024-13821 was published Feb 12, 2025
TShock allows chat while not fully connected, possible ban evasion Moderate
GHSA-f8mx-cwfh-7hr2 was published for tshock (NuGet) Feb 3, 2025
ohayo
Kubewarden-Controller information leak via AdmissionPolicyGroup Resource Moderate
CVE-2025-24784 was published for github.com/kubewarden/kubewarden-controller (Go) Jan 30, 2025
flavio
Incorrect permission check in Jenkins GitLab Plugin allows enumerating credentials IDs Moderate
CVE-2025-24397 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Jan 22, 2025
A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical.... Moderate Unreviewed
CVE-2025-0580 was published Jan 20, 2025
CVE-2024-5138: snapd snapctl auth bypass Moderate
CVE-2024-5138 was published for github.com/snapcore/snapd (Go) Jan 16, 2025
rmcnamara-snyk
OpenFGA Authorization Bypass Moderate
CVE-2024-56323 was published for github.com/openfga/openfga (Go) Jan 13, 2025
miparnisari
TeamPass mail_me operation authorization issue Moderate
CVE-2024-50702 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
TeamPass does not properly check whether a folder is in a user's allowed folders list Moderate
CVE-2024-50701 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
The Download Manager plugin for WordPress is vulnerable to unauthorized download of password... Moderate Unreviewed
CVE-2024-11768 was published Dec 19, 2024
A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This... Moderate Unreviewed
CVE-2024-12483 was published Dec 12, 2024
kcp's impersonation allows access to global administrative groups Moderate
GHSA-c7xh-gjv4-4jgv was published for github.com/kcp-dev/kcp (Go) Dec 11, 2024
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization... Moderate Unreviewed
CVE-2024-43731 was published Dec 11, 2024
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization... Moderate Unreviewed
CVE-2024-43729 was published Dec 11, 2024
CRI-O: Maliciously structured checkpoint file can gain arbitrary node access Moderate
CVE-2024-8676 was published for github.com/cri-o/cri-o (Go) Nov 26, 2024
Moodle Lesson activity password bypass through PHP loose comparison Moderate
CVE-2024-45691 was published for moodle/moodle (Composer) Nov 20, 2024
Moodle allows users to retrieve information they did not have permission to access Moderate
CVE-2024-45689 was published for moodle/moodle (Composer) Nov 20, 2024
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM)... Moderate Unreviewed
CVE-2020-3539 was published Nov 18, 2024
moodle: IDOR in edit/delete RSS feed Moderate
CVE-2024-48897 was published for moodle/moodle (Composer) Nov 18, 2024
moodle: IDOR when fetching report schedules Moderate
CVE-2024-48901 was published for moodle/moodle (Composer) Nov 18, 2024
Improper Authorization in dolibarr/dolibarr Moderate
CVE-2021-3991 was published for dolibarr/dolibarr (Composer) Nov 15, 2024
A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This... Moderate Unreviewed
CVE-2024-10598 was published Nov 1, 2024
Improper authorization in some Intel(R) PM software may allow a privileged user to potentially... Moderate Unreviewed
CVE-2023-38135 was published Oct 25, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database