GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,792
Erlang
36
GitHub Actions
29
Go
2,377
Maven
5,000+
npm
4,002
NuGet
720
pip
3,802
Pub
12
RubyGems
927
Rust
984
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,009 advisories
Filter by severity
In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform...
Moderate
Unreviewed
CVE-2025-20300
was published
Jul 7, 2025
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected...
Moderate
Unreviewed
CVE-2025-49550
was published
Jun 26, 2025
A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0....
Moderate
Unreviewed
CVE-2025-6702
was published
Jun 26, 2025
Under certain conditions, an authenticated user request may execute with stale privileges...
Moderate
Unreviewed
CVE-2025-6707
was published
Jun 26, 2025
An incorrect authorization vulnerability exists in multiple WSO2 products that allows...
Moderate
Unreviewed
CVE-2024-3511
was published
Jun 23, 2025
Yealink YMCS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts,...
Moderate
Unreviewed
CVE-2025-52918
was published
Jun 22, 2025
The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2025-3880
was published
Jun 17, 2025
The WordPress Single Sign-On (SSO) plugin for WordPress is vulnerable to unauthorized access due...
Moderate
Unreviewed
CVE-2025-6003
was published
Jun 12, 2025
The macOS Rocket.Chat application is affected by a vulnerability that allows bypassing ...
Moderate
Unreviewed
CVE-2024-8270
was published
Jun 11, 2025
Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization...
Moderate
Unreviewed
CVE-2025-36578
was published
Jun 10, 2025
A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2),...
Moderate
Unreviewed
CVE-2025-40568
was published
Jun 10, 2025
Huawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices through V5R019C00S100, and...
Moderate
Unreviewed
CVE-2025-49599
was published
Jun 6, 2025
An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the...
Moderate
Unreviewed
CVE-2024-7097
was published
May 30, 2025
IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due...
Moderate
Unreviewed
CVE-2025-25026
was published
May 28, 2025
A low-privileged user is able to obtain information about tasks executed on devices controlled by...
Moderate
Unreviewed
CVE-2025-1415
was published
May 21, 2025
A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure...
Moderate
Unreviewed
CVE-2025-20257
was published
May 21, 2025
A low-privileged user can access information about profiles created in Proget MDM (Mobile Device...
Moderate
Unreviewed
CVE-2025-1418
was published
May 21, 2025
In Proget MDM, a low-privileged user can access information about changes contained in backups of...
Moderate
Unreviewed
CVE-2025-1417
was published
May 21, 2025
The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is...
Moderate
Unreviewed
CVE-2025-4101
was published
May 17, 2025
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5...
Moderate
Unreviewed
CVE-2025-31227
was published
May 13, 2025
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS...
Moderate
Unreviewed
CVE-2025-30440
was published
May 13, 2025
Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager.
The vulnerability...
Moderate
Unreviewed
CVE-2025-3272
was published
May 7, 2025
The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all...
Moderate
Unreviewed
CVE-2025-3609
was published
May 6, 2025
The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2025-3861
was published
Apr 25, 2025
In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new...
Moderate
Unreviewed
CVE-2025-46544
was published
Apr 25, 2025
ProTip!
Advisories are also available from the
GraphQL API