Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

563 advisories

Loading
CVE-2024-5138: snapd snapctl auth bypass Moderate
CVE-2024-5138 was published for github.com/snapcore/snapd (Go) Jan 16, 2025
rmcnamara-snyk
Microsoft SharePoint Server Remote Code Execution Vulnerability High Unreviewed
CVE-2025-21348 was published Jan 14, 2025
Windows App Package Installer Elevation of Privilege Vulnerability High Unreviewed
CVE-2025-21275 was published Jan 14, 2025
Gradio Blocked Path ACL Bypass Vulnerability Critical
CVE-2025-23042 was published for gradio (pip) Jan 14, 2025
superboy-zjc jackfromeast
OpenFGA Authorization Bypass Moderate
CVE-2024-56323 was published for github.com/openfga/openfga (Go) Jan 13, 2025
Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common... Critical Unreviewed
CVE-2024-13241 was published Jan 9, 2025
TeamPass does not properly check whether a folder is in a user's allowed folders list Moderate
CVE-2024-50701 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
TeamPass mail_me operation authorization issue Moderate
CVE-2024-50702 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
There is an improper authorization vulnerability in some Huawei smartphones. An attacker could... Low Unreviewed
CVE-2020-9081 was published Dec 27, 2024
The Download Manager plugin for WordPress is vulnerable to unauthorized download of password... Moderate Unreviewed
CVE-2024-11768 was published Dec 19, 2024
Next.js authorization bypass vulnerability High
CVE-2024-51479 was published for next (npm) Dec 17, 2024
tyage
Potential Vulnerabilities Due to Outdated golang.org/x/crypto Dependency in NanoProxy High
GHSA-7prj-hgx4-2xc3 was published for github.com/ryanbekhen/nanoproxy (Go) Dec 12, 2024
Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access High
CVE-2024-55633 was published for apache-superset (pip) Dec 12, 2024
A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This... Moderate Unreviewed
CVE-2024-12483 was published Dec 12, 2024
Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto Critical
CVE-2024-45337 was published for golang.org/x/crypto (Go) Dec 11, 2024
ryanbekhen SuperSandro2000
kcp's impersonation allows access to global administrative groups Moderate
GHSA-c7xh-gjv4-4jgv was published for github.com/kcp-dev/kcp (Go) Dec 11, 2024
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization... Moderate Unreviewed
CVE-2024-43731 was published Dec 11, 2024
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization... Moderate Unreviewed
CVE-2024-43729 was published Dec 11, 2024
Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled High
CVE-2024-53949 was published for apache-superset (pip) Dec 9, 2024
An authenticated user with API access (e.g.: user with default User role), more specifically a... High Unreviewed
CVE-2024-36467 was published Nov 27, 2024
CRI-O: Maliciously structured checkpoint file can gain arbitrary node access Moderate
CVE-2024-8676 was published for github.com/cri-o/cri-o (Go) Nov 26, 2024
The Booking & Appointment Plugin for WooCommerce plugin for WordPress is vulnerable to... High Unreviewed
CVE-2024-10729 was published Nov 26, 2024
Moodle Lesson activity password bypass through PHP loose comparison Moderate
CVE-2024-45691 was published for moodle/moodle (Composer) Nov 20, 2024
Moodle allows users to retrieve information they did not have permission to access Moderate
CVE-2024-45689 was published for moodle/moodle (Composer) Nov 20, 2024
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM)... Moderate Unreviewed
CVE-2020-3539 was published Nov 18, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database