GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
227 advisories
Alkacon OpenCMS Improper Access Control via system/workplace/views/admin/admin-main.jsp
Moderate | CVE-2006-3935 was published for org.opencms:opencms-core (Maven) | May 1, 2022
Mautic segment cloning doesn't have a proper permission check
Moderate | CVE-2024-47055 was published for mautic/core (Composer) | May 28, 2025
Mautic's Predictable Page Indexing Might Lead to Sensitive Data Exposure
Moderate | CVE-2025-5257 was published for mautic/core (Composer) | May 28, 2025
Liferay Portal and Liferay DXP Bypass via Double Encoded URL
Moderate | CVE-2020-15840 was published for com.liferay.portal:com.liferay.portal.impl (Maven) | May 24, 2022
Jenkins WildFly Deployer Plugin vulnerable to path traversal
Moderate | CVE-2022-41235 was published for org.jenkins-ci.plugins:wildfly-deployer (Maven) | Sep 22, 2022
Mattermost allows a remote actor to make an arbitrary local channel read-only
Moderate | CVE-2024-41162 was published for github.com/mattermost/mattermost/server/v8 (Go) | Aug 1, 2024
The femanager TYPO3 extension allows Insecure Direct Object Reference
Moderate | CVE-2025-48202 was published for in2code/femanager (Composer) | May 21, 2025
Liferay DXP Vulnerable to Denial-of-service (DoS) in the Multi-Factor Authentication Module
Moderate | CVE-2021-29041 was published for com.liferay.portal:release.dxp.bom (Maven) | May 24, 2022
WildFly improper RBAC permission
Moderate | CVE-2025-23367 was published for org.wildfly.core:wildfly-server (Maven) | Jan 31, 2025
OpenFGA Authorization Bypass
Moderate | CVE-2025-46331 was published for github.com/openfga/openfga (Go) | Apr 30, 2025
Missing permissions check in Liferay Portal
Moderate | CVE-2022-42126 was published for com.liferay.portal:release.portal.bom (Maven) | Nov 15, 2022
Vite allows server.fs.deny to be bypassed with .svg or relative paths
Moderate | CVE-2025-31486 was published for vite (npm) | Apr 4, 2025
TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz)
Moderate | CVE-2022-47407 was published for fixpunkt/fp-masterquiz (Composer) | Dec 14, 2022
Magento Improper Access Control vulnerability
Moderate | CVE-2025-24436 was published for magento/community-edition (Composer) | Feb 11, 2025
Magento Improper Access Control vulnerability
Moderate | CVE-2025-24437 was published for magento/community-edition (Composer) | Feb 11, 2025
Moodle does not use the forceloginforprofiles setting for course-profiles access control
Moderate | CVE-2011-4279 was published for moodle/moodle (Composer) | May 13, 2022
Joomla! allows attackers to access cached pages
Moderate | CVE-2008-3226 was published for joomla/joomla-platform (Composer) | May 1, 2022
Shopware Broken ACL on Document retrieval to access other customers documents
Moderate | GHSA-68wv-g3fw-pq7q was published for shopware/core (Composer) | Apr 8, 2025
Exposure of system-scoped Kubernetes credentials in Jenkins Kubernetes Credentials Provider Plugin
Moderate | CVE-2023-24425 was published for com.cloudbees.jenkins.plugins:kubernetes-credentials-provider (Maven) | Jan 26, 2023
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
Moderate | CVE-2025-31125 was published for vite (npm) | Mar 31, 2025
Privilege escalation in Liferay Portal
Moderate | CVE-2022-45320 was published for com.liferay.portal:release.portal.bom (Maven) | Feb 20, 2024
Vite bypasses server.fs.deny when using ?raw??
Moderate | CVE-2025-30208 was published for vite (npm) | Mar 25, 2025
CosmWasm Allows Bypass of Capability Restrictions in Blockchains
Moderate | CVE-2025-25500 was published for cosmwasm (Rust) | Mar 18, 2025
ProTip! Advisories are also available from the GraphQL API