Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,726
Maven
5,000+
npm
4,331
NuGet
763
pip
4,107
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,359 advisories

Loading
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows... High Unreviewed
CVE-2025-65795 was published Dec 8, 2025
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows... High Unreviewed
CVE-2025-65797 was published Dec 8, 2025
A lack of Management Frame Protection in Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet... High Unreviewed
CVE-2025-63363 was published Dec 4, 2025
Incorrect access control in the component ApiPayController.java of platform v1.0.0 allows... High Unreviewed
CVE-2025-57210 was published Dec 4, 2025
Incorrect access control in the component ApiOrderService.java of platform v1.0.0 allows... High Unreviewed
CVE-2025-57212 was published Dec 4, 2025
Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows... High Unreviewed
CVE-2025-57213 was published Dec 4, 2025
XWiki Jetty Package (XJetty) allows accessing any application file through URL High
CVE-2025-55749 was published for org.xwiki.platform:xwiki-platform-tool-jetty-resources (Maven) Dec 1, 2025
Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows... High Unreviewed
CVE-2025-57489 was published Dec 1, 2025
An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the... High Unreviewed
CVE-2025-61229 was published Dec 1, 2025
An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the... High Unreviewed
CVE-2025-56396 was published Nov 26, 2025
Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope... High Unreviewed
CVE-2025-46174 was published Nov 26, 2025
Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope... High Unreviewed
CVE-2025-46175 was published Nov 26, 2025
Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers... High Unreviewed
CVE-2025-55471 was published Nov 26, 2025
Better Auth Passkey Plugin allows passkey deletion through IDOR High
GHSA-4vcf-q4xf-f48m was published for @better-auth/passkey (npm) Nov 25, 2025
goksan
Credited to goksan
Primakon Pi Portal 1.0.18 /api/v2/pp_users endpoint fails to adequately check user permissions... High Unreviewed
CVE-2025-64064 was published Nov 25, 2025
Primakon Pi Portal 1.0.18 REST /api/v2/user/register endpoint suffers from a Broken Access... High Unreviewed
CVE-2025-64066 was published Nov 25, 2025
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert... High Unreviewed
CVE-2025-54563 was published Nov 25, 2025
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert... High Unreviewed
CVE-2025-54338 was published Nov 25, 2025
Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in... High Unreviewed
CVE-2025-48986 was published Nov 20, 2025
The ITEL ISO FM SFN Adapter (firmware ISO2 2.0.0.0, WebServer 2.0) is vulnerable to session... High Unreviewed
CVE-2025-63219 was published Nov 19, 2025
A vulnerability in the SSH restricted shell interface of the network management services allows... High Unreviewed
CVE-2025-37155 was published Nov 18, 2025
Due to webserver misconfiguration an unauthenticated remote attacker is able to read the source... High Unreviewed
CVE-2025-41737 was published Nov 18, 2025
@apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields High
CVE-2025-64530 was published for @apollo/composition (npm) Nov 14, 2025
The issue was addressed by refusing external connections by default. This issue is fixed in... High Unreviewed
CVE-2025-43515 was published Nov 13, 2025
A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote... High Unreviewed
CVE-2025-20341 was published Nov 13, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database