GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,018 advisories
Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated...
High | Unreviewed | CVE-2018-25146 was published Dec 24, 2025
A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS....
High | Unreviewed | CVE-2025-2515 was published Dec 24, 2025
Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues
Moderate | CVE-2025-13767 was published for github.com/mattermost/mattermost-server (Go) Dec 24, 2025
Mattermost doesn't verify that post actions invoking `/share-issue-publicly` were created by the Jira plugin
Moderate | CVE-2025-64641 was published for github.com/mattermost/mattermost-server (Go) Dec 24, 2025
KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential
High | CVE-2025-68476 was published for github.com/kedacore/keda/v2 (Go) Dec 22, 2025
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by...
Moderate | Unreviewed | CVE-2025-68422 was published Dec 19, 2025
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by...
Moderate | Unreviewed | CVE-2025-68386 was published Dec 19, 2025
Improper access checks in M-Files Server before 25.12 allows users to download files through M...
Moderate | Unreviewed | CVE-2025-14318 was published Dec 18, 2025
Memory corruption while loading an invalid firmware in boot loader.
High | Unreviewed | CVE-2025-47382 was published Dec 18, 2025
The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all...
Moderate | Unreviewed | CVE-2025-14081 was published Dec 17, 2025
Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation
Moderate | CVE-2025-13324 was published for github.com/mattermost/mattermost (Go) Dec 17, 2025
Auth0 WordPress has Improper Audience Validation via Auth0-PHP SDK Dependency
Moderate | GHSA-vvg7-8rmq-92g7 was published for auth0/wordpress (Composer) Dec 17, 2025
Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK
Moderate | GHSA-f3r2-88mq-9v4g was published for auth0/symfony (Composer) Dec 17, 2025
Auth0 Laravel SDK has Improper Audience Validation via Auth0-PHP SDK dependency
Moderate | GHSA-7hh9-gp72-wh7h was published for auth0/login (Composer) Dec 17, 2025
Auth0-PHP SDK has Improper Audience Validation
Moderate | CVE-2025-68129 was published for auth0/auth0-php (Composer) Dec 17, 2025
ListCheck.exe developed by Acer has a Local Privilege Escalation vulnerability. Authenticated...
High | Unreviewed | CVE-2025-14305 was published Dec 17, 2025
Liferay Portal and DXP Instance Admin can execute code using Objects Actions and Validations
High | CVE-2025-3586 was published for com.liferay:com.liferay.object.service (Maven) Dec 12, 2025
In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's...
Low | Unreviewed | CVE-2025-67740 was published Dec 11, 2025
Improper Request Caching Lookup in the Auth0 Next.js SDK
Moderate | CVE-2025-67490 was published for @auth0/nextjs-auth0 (npm) Dec 10, 2025
Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root...
Critical | Unreviewed | CVE-2025-13184 was published Dec 10, 2025
Unprotected service in the AudioLink component allows a local attacker to overwrite system files...
Moderate | Unreviewed | CVE-2025-9056 was published Dec 10, 2025
An Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4.0 through 7.4.5 may allow...
Moderate | Unreviewed | CVE-2025-54838 was published Dec 9, 2025
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4)....
Moderate | Unreviewed | CVE-2025-40819 was published Dec 9, 2025
Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands
High | CVE-2025-66623 was published for io.strimzi:strimzi (Maven) Dec 5, 2025
Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth...
Moderate | Unreviewed | CVE-2025-65900 was published Dec 5, 2025