GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,364 advisories
Improper access control in Windows Error Reporting allows an authorized attacker to elevate...
High | Unreviewed | CVE-2025-55694 was published Oct 14, 2025

Improper access control in Visual Studio allows an authorized attacker to elevate privileges...
High | Unreviewed | CVE-2025-55240 was published Oct 14, 2025

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate...
High | Unreviewed | CVE-2025-47989 was published Oct 14, 2025

Improper access control in Microsoft PowerShell allows an authorized attacker to elevate...
High | Unreviewed | CVE-2025-25004 was published Oct 14, 2025

SourceCodester Online Student Clearance System 1.0 is vulnerable to Incorrect Access Control. The...
High | Unreviewed | CVE-2025-60305 was published Oct 10, 2025

Lavasoft Web Companion (also known as Ad-Aware WebCompanion) versions 8.9.0.1091 through 12.1.3...
High | Unreviewed | CVE-2025-45095 was published Oct 9, 2025

phpMyFAQ duplicate email registration allows multiple accounts with the same email
High | CVE-2025-59943 was published for thorsten/phpmyfaq (Composer) Oct 3, 2025

DX Unified Infrastructure Management (Nimsoft/UIM) and below contains an improper ACL handling...
High | Unreviewed | CVE-2025-10847 was published Oct 1, 2025

An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. TPM authentication...
High | Unreviewed | CVE-2025-48707 was published Sep 25, 2025

This vulnerability exists in the Syrotech SY-GPON-2010-WADONT router due to improper access...
High | Unreviewed | CVE-2025-10957 was published Sep 25, 2025

Aztech DSL5005EN firmware 1.00.AZ_2013-05-10 and possibly other versions allows unauthenticated...
High | Unreviewed | CVE-2025-56241 was published Sep 24, 2025

A flaw was found in the Lightspeed history service. Insufficient access controls allow a local,...
High | Unreviewed | CVE-2025-5962 was published Sep 22, 2025

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker...
High | Unreviewed | CVE-2025-23329 was published Sep 18, 2025

A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS)....
High | Unreviewed | CVE-2025-37125 was published Sep 17, 2025

@executeautomation/database-server does not properly restrict access, bypassing a "read-only" mode
High | CVE-2025-59333 was published for @executeautomation/database-server (npm) Sep 16, 2025

This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be...
High | Unreviewed | CVE-2025-43371 was published Sep 16, 2025

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
High | Unreviewed | CVE-2025-43340 was published Sep 16, 2025

The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able...
High | Unreviewed | CVE-2025-43263 was published Sep 16, 2025

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26....
High | Unreviewed | CVE-2025-43204 was published Sep 16, 2025

The issue was addressed by adding additional logic. This issue is fixed in macOS Tahoe 26. An app...
High | Unreviewed | CVE-2025-24088 was published Sep 16, 2025

SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access...
High | Unreviewed | CVE-2025-56274 was published Sep 16, 2025

The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories...
High | Unreviewed | CVE-2025-10491 was published Sep 15, 2025

Incorrect access control in the web service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows...
High | Unreviewed | CVE-2025-45584 was published Sep 12, 2025

OpenSynergy BlueSDK (aka Blue SDK) through 6.x mishandles a function call. The specific flaw...
High | Unreviewed | CVE-2024-45432 was published Sep 12, 2025

Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0...
High | Unreviewed | CVE-2025-10201 was published Sep 10, 2025

ProTip! Advisories are also available from the GraphQL API.