Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,951
Erlang
39
GitHub Actions
38
Go
2,607
Maven
5,000+
npm
4,251
NuGet
757
pip
4,017
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,844 advisories

Loading
Liferay Portal 7.4.0 through 7.4.3.109, and older unsupported versions, and Liferay DXP 2023.Q3.1... Moderate Unreviewed
CVE-2025-62259 was published Oct 28, 2025
GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4... Moderate Unreviewed
CVE-2025-11971 was published Oct 27, 2025
The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for... Low Unreviewed
CVE-2025-11888 was published Oct 25, 2025
OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method High
CVE-2025-59048 was published for github.com/openbao/openbao-plugins (Go) Oct 23, 2025
pkarakal
Credited to pkarakal
Moodle sends quiz-related messages to inactive/suspended users Moderate
CVE-2025-62394 was published for moodle/moodle (Composer) Oct 23, 2025
Shopware vulnerable to MediaVisibilityRestrictionSubscriber bypass when reading media entities by aggregating fields individually Moderate
GHSA-m895-2hj3-8cg9 was published for shopware/core (Composer) Oct 21, 2025
JoshuaBehrens
Credited to JoshuaBehrens
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not... Moderate Unreviewed
CVE-2025-62651 was published Oct 17, 2025
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the... Moderate Unreviewed
CVE-2025-62647 was published Oct 17, 2025
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote... Moderate Unreviewed
CVE-2025-62648 was published Oct 17, 2025
Ash has authorization bypass when bypass policy condition evaluates to true High
CVE-2025-48044 was published for ash (Erlang) Oct 17, 2025
jechol maennchen
zachdaniel
Credited to jechol, maennchen, and zachdaniel
An Incorrect Authorization vulnerability has been identified in Moxa’s network security... High Unreviewed
CVE-2025-6892 was published Oct 17, 2025
MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service Accounts and STS High
CVE-2025-62506 was published for github.com/minio/minio (Go) Oct 16, 2025
donatello SimeonPoot
Credited to donatello and SimeonPoot
An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to... Moderate Unreviewed
CVE-2025-9955 was published Oct 16, 2025
Due to an insufficient access control implementation in multiple WSO2 Products, authentication... Critical Unreviewed
CVE-2025-10611 was published Oct 16, 2025
Mattermost has an Incorrect Authorization vulnerability Low
CVE-2025-10545 was published for github.com/mattermost/mattermost-server (Go) Oct 16, 2025
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and... Moderate Unreviewed
CVE-2025-54277 was published Oct 14, 2025
Magento vulnerable to privilege escalation due to incorrect authorization Moderate
CVE-2025-54267 was published for magento/community-edition (Composer) Oct 14, 2025
Magento provides incorrect authorization through a security feature bypass High
CVE-2025-54263 was published for magento/community-edition (Composer) Oct 14, 2025
Magento allows incorrect authorization Moderate
CVE-2025-54265 was published for magento/community-edition (Composer) Oct 14, 2025
SAP S/4HANA (Manage Processing Rules - For Bank Statements) allows an authenticated attacker with... Moderate Unreviewed
CVE-2025-42939 was published Oct 14, 2025
Liferay Publications is vulnerable to Incorrect Authorization Moderate
CVE-2025-62243 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025
Ash Framework: Filter authorization misapplies impossible bypass/runtime policies High
CVE-2025-48043 was published for ash (Erlang) Oct 13, 2025
maennchen zachdaniel
Credited to maennchen and zachdaniel
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization... Moderate Unreviewed
CVE-2025-7374 was published Oct 10, 2025
GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to... High Unreviewed
CVE-2025-11340 was published Oct 9, 2025
Nagios Log Server before 2024R1.3.2 allows authenticated users (with read-only API access) to... High Unreviewed
CVE-2025-44824 was published Oct 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database