Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,740
Maven
5,000+
npm
4,338
NuGet
765
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3,666 advisories

Loading
Mautic user without privileged access to the Marketplace can install and uninstall composer packages Critical
CVE-2025-13828 was published for mautic/core (Composer) Dec 2, 2025
driskell escopecz
patrykgruszka
Credited to driskell, escopecz, and patrykgruszka
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a... Critical Unreviewed
CVE-2025-59703 was published Dec 2, 2025
arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints Moderate
CVE-2025-66454 was published for arcade-mcp-server (pip) Dec 2, 2025
qi-scape
Credited to qi-scape
Mattermost fails to validate user permissions in Boards Low
CVE-2025-13870 was published for github.com/mattermost/mattermost (Go) Dec 2, 2025
Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic Moderate
CVE-2025-64715 was published for Ciliumgithub.com/cilium/cilium (Go) Dec 1, 2025
SeanEmac fristonio
Credited to SeanEmac and fristonio
XWiki Jetty Package (XJetty) allows accessing any application file through URL High
CVE-2025-55749 was published for org.xwiki.platform:xwiki-platform-tool-jetty-resources (Maven) Dec 1, 2025
Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows... High Unreviewed
CVE-2025-57489 was published Dec 1, 2025
An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the... High Unreviewed
CVE-2025-61229 was published Dec 1, 2025
A weakness has been identified in moxi159753 Mogu Blog v2 up to 5.2. The affected element is an... Moderate Unreviewed
CVE-2025-13815 was published Dec 1, 2025
An unauthenticated administrative access vulnerability exists in the open-source HashTech project... Critical Unreviewed
CVE-2025-65276 was published Nov 26, 2025
Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope... High Unreviewed
CVE-2025-46174 was published Nov 26, 2025
Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway... Moderate Unreviewed
CVE-2025-65238 was published Nov 26, 2025
Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers... High Unreviewed
CVE-2025-55471 was published Nov 26, 2025
Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and... Critical Unreviewed
CVE-2025-55469 was published Nov 26, 2025
Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope... High Unreviewed
CVE-2025-46175 was published Nov 26, 2025
An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the... High Unreviewed
CVE-2025-56396 was published Nov 26, 2025
Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC... Moderate Unreviewed
CVE-2025-65239 was published Nov 26, 2025
OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation Moderate
CVE-2025-66028 was published for @oneuptime/common (npm) Nov 25, 2025
SamirWaleed
Credited to SamirWaleed
Better Auth Passkey Plugin allows passkey deletion through IDOR High
GHSA-4vcf-q4xf-f48m was published for @better-auth/passkey (npm) Nov 25, 2025
goksan
Credited to goksan
Primakon Pi Portal 1.0.18 /api/v2/pp_users endpoint fails to adequately check user permissions... High Unreviewed
CVE-2025-64064 was published Nov 25, 2025
Primakon Pi Portal 1.0.18 REST /api/v2/user/register endpoint suffers from a Broken Access... High Unreviewed
CVE-2025-64066 was published Nov 25, 2025
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert... High Unreviewed
CVE-2025-54563 was published Nov 25, 2025
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert... High Unreviewed
CVE-2025-54338 was published Nov 25, 2025
A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This... Moderate Unreviewed
CVE-2025-13573 was published Nov 24, 2025
A weakness has been identified in code-projects Online Bidding System 1.0. This issue affects the... Moderate Unreviewed
CVE-2025-13574 was published Nov 24, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database