Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
764
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,363 advisories

Loading
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access... High Unreviewed
CVE-2025-61811 was published Dec 10, 2025
Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges... High Unreviewed
CVE-2025-64673 was published Dec 9, 2025
Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to... High Unreviewed
CVE-2025-62570 was published Dec 9, 2025
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker... High Unreviewed
CVE-2025-62474 was published Dec 9, 2025
Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate... High Unreviewed
CVE-2025-59517 was published Dec 9, 2025
memos vulnerability allows the creation of arbitrary accounts High
CVE-2025-65795 was published for github.com/usememos/memos (Go) Dec 8, 2025
A lack of Management Frame Protection in Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet... High Unreviewed
CVE-2025-63363 was published Dec 4, 2025
Incorrect access control in the component ApiOrderService.java of platform v1.0.0 allows... High Unreviewed
CVE-2025-57212 was published Dec 4, 2025
Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows... High Unreviewed
CVE-2025-57213 was published Dec 4, 2025
Incorrect access control in the component ApiPayController.java of platform v1.0.0 allows... High Unreviewed
CVE-2025-57210 was published Dec 4, 2025
XWiki Jetty Package (XJetty) allows accessing any application file through URL High
CVE-2025-55749 was published for org.xwiki.platform:xwiki-platform-tool-jetty-resources (Maven) Dec 1, 2025
Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows... High Unreviewed
CVE-2025-57489 was published Dec 1, 2025
An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the... High Unreviewed
CVE-2025-61229 was published Dec 1, 2025
Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope... High Unreviewed
CVE-2025-46174 was published Nov 26, 2025
Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers... High Unreviewed
CVE-2025-55471 was published Nov 26, 2025
Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope... High Unreviewed
CVE-2025-46175 was published Nov 26, 2025
An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the... High Unreviewed
CVE-2025-56396 was published Nov 26, 2025
Better Auth Passkey Plugin allows passkey deletion through IDOR High
GHSA-4vcf-q4xf-f48m was published for @better-auth/passkey (npm) Nov 25, 2025
goksan
Credited to goksan
Primakon Pi Portal 1.0.18 /api/v2/pp_users endpoint fails to adequately check user permissions... High Unreviewed
CVE-2025-64064 was published Nov 25, 2025
Primakon Pi Portal 1.0.18 REST /api/v2/user/register endpoint suffers from a Broken Access... High Unreviewed
CVE-2025-64066 was published Nov 25, 2025
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert... High Unreviewed
CVE-2025-54563 was published Nov 25, 2025
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert... High Unreviewed
CVE-2025-54338 was published Nov 25, 2025
Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in... High Unreviewed
CVE-2025-48986 was published Nov 20, 2025
The ITEL ISO FM SFN Adapter (firmware ISO2 2.0.0.0, WebServer 2.0) is vulnerable to session... High Unreviewed
CVE-2025-63219 was published Nov 19, 2025
A vulnerability in the SSH restricted shell interface of the network management services allows... High Unreviewed
CVE-2025-37155 was published Nov 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database