GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,887 advisories

Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands
High | CVE-2025-66623 was published for io.strimzi:strimzi (Maven) | Dec 5, 2025

Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth...
Moderate | Unreviewed | CVE-2025-65900 was published | Dec 5, 2025

In Splunk MCP Server app versions below 0.2.4, a user with access to the "run_splunk_query" Model...
Moderate | Unreviewed | CVE-2025-20381 was published | Dec 3, 2025

step-ca Has Improper Authorization Check for SSH Certificate Revocation
Moderate | CVE-2025-66406 was published for github.com/smallstep/certificates (Go) | Dec 3, 2025

Mattermost fails to validate user permissions when deleting comments in Boards
Moderate | CVE-2025-12756 was published for github.com/mattermost/mattermost (Go) | Dec 1, 2025

Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in...
High | Unreviewed | CVE-2025-13829 was published | Dec 1, 2025

HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on...
Moderate | Unreviewed | CVE-2025-66433 was published | Nov 30, 2025

trytond does not enforce access rights for the route of the HTML editor.
High | CVE-2025-66423 was published for trytond (pip) | Nov 30, 2025

trytond does not enforce access rights for data export
Moderate | CVE-2025-66424 was published for trytond (pip) | Nov 30, 2025

An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy...
Moderate | Unreviewed | CVE-2025-66360 was published | Nov 28, 2025

The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager...
Moderate | Unreviewed | CVE-2025-12971 was published | Nov 27, 2025

The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to...
Critical | Unreviewed | CVE-2024-5539 was published | Nov 27, 2025

Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and...
Critical | Unreviewed | CVE-2025-55469 was published | Nov 26, 2025

OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
Moderate | CVE-2025-66028 was published for @oneuptime/common (npm) | Nov 25, 2025

Terraform state versions can be created by a user with specific but insufficient permissions in a...
Moderate | Unreviewed | CVE-2025-13432 was published | Nov 21, 2025

LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If...
Moderate | Unreviewed | CVE-2025-62189 was published | Nov 21, 2025

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with...
High | Unreviewed | CVE-2025-62730 was published | Nov 20, 2025

Windu CMS is vulnerable to Broken Access Control in user editing functionality. Malicious...
Moderate | Unreviewed | CVE-2025-59111 was published | Nov 18, 2025

Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows...
Critical | Unreviewed | CVE-2025-41346 was published | Nov 18, 2025

OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization.
High | CVE-2025-65073 was published for keystone (pip) | Nov 17, 2025

An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4...
Moderate | Unreviewed | CVE-2025-11865 was published | Nov 15, 2025

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18...
Low | Unreviewed | CVE-2025-7736 was published | Nov 15, 2025

Apollo Federation has Improper Enforcement of Access Control on Transitive Fields
High | GHSA-m8jr-fxqx-8xx6 was published for @apollo/composition (npm) | Nov 14, 2025

Directus has Improper Permission Handling on Deleted Fields
Moderate | CVE-2025-64746 was published for directus (npm) | Nov 14, 2025

Mattermost fails to properly restrict access to archived channel search API
Moderate | CVE-2025-11776 was published for github.com/mattermost/mattermost (Go) | Nov 14, 2025

ProTip! Advisories are also available from the GraphQL API.