Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,462
Erlang
33
GitHub Actions
22
Go
2,159
Maven
5,000+
npm
3,820
NuGet
696
pip
3,502
Pub
12
RubyGems
903
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

106 advisories

Loading
Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content Moderate
CVE-2025-27602 was published for Umbraco.Cms.Web.Backoffice (NuGet) Mar 11, 2025
hazemeldoc
Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality Moderate
CVE-2025-27601 was published for Umbraco.Cms.Api.Management (NuGet) Mar 11, 2025
OpenFGA Authorization Bypass Moderate
CVE-2025-25196 was published for github.com/openfga/openfga (Go) Feb 19, 2025
TShock allows chat while not fully connected, possible ban evasion Moderate
GHSA-f8mx-cwfh-7hr2 was published for tshock (NuGet) Feb 3, 2025
ohayo
Kubewarden-Controller information leak via AdmissionPolicyGroup Resource Moderate
CVE-2025-24784 was published for github.com/kubewarden/kubewarden-controller (Go) Jan 30, 2025
flavio
Incorrect permission check in Jenkins GitLab Plugin allows enumerating credentials IDs Moderate
CVE-2025-24397 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Jan 22, 2025
CVE-2024-5138: snapd snapctl auth bypass Moderate
CVE-2024-5138 was published for github.com/snapcore/snapd (Go) Jan 16, 2025
rmcnamara-snyk
OpenFGA Authorization Bypass Moderate
CVE-2024-56323 was published for github.com/openfga/openfga (Go) Jan 13, 2025
miparnisari
TeamPass mail_me operation authorization issue Moderate
CVE-2024-50702 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
TeamPass does not properly check whether a folder is in a user's allowed folders list Moderate
CVE-2024-50701 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
kcp's impersonation allows access to global administrative groups Moderate
GHSA-c7xh-gjv4-4jgv was published for github.com/kcp-dev/kcp (Go) Dec 11, 2024
CRI-O: Maliciously structured checkpoint file can gain arbitrary node access Moderate
CVE-2024-8676 was published for github.com/cri-o/cri-o (Go) Nov 26, 2024
Moodle allows users to retrieve information they did not have permission to access Moderate
CVE-2024-45689 was published for moodle/moodle (Composer) Nov 20, 2024
Moodle Lesson activity password bypass through PHP loose comparison Moderate
CVE-2024-45691 was published for moodle/moodle (Composer) Nov 20, 2024
moodle: IDOR in edit/delete RSS feed Moderate
CVE-2024-48897 was published for moodle/moodle (Composer) Nov 18, 2024
moodle: IDOR when fetching report schedules Moderate
CVE-2024-48901 was published for moodle/moodle (Composer) Nov 18, 2024
Improper Authorization in dolibarr/dolibarr Moderate
CVE-2021-3991 was published for dolibarr/dolibarr (Composer) Nov 15, 2024
Gradio's CORS origin validation accepts the null origin Moderate
CVE-2024-47165 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Magento Open Source Improper Authorization vulnerability Moderate
CVE-2024-45131 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Authorization vulnerability Moderate
CVE-2024-45128 was published for magento/community-edition (Composer) Oct 10, 2024
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission Moderate
CVE-2024-46989 was published for github.com/authzed/spicedb (Go) Sep 18, 2024
tim-mod
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability Moderate
CVE-2024-46943 was published for org.opendaylight.aaa:aaa-artifacts (Maven) Sep 16, 2024
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability Moderate
CVE-2024-45043 was published for github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver (Go) Aug 29, 2024
DouglasHeriot Aneurysm9
arminru
Powermail TYPO3 extension Broken Access Control in the OutputController Moderate
CVE-2024-45233 was published for in2code/powermail (Composer) Aug 29, 2024
Hyperledger Fabric does not verify request has a timestamp within the expected time window Moderate
CVE-2024-45244 was published for github.com/hyperledger/fabric (Go) Aug 25, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database