Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,884
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,205
NuGet
743
pip
3,978
Pub
12
RubyGems
947
Rust
1,034
Swift
39
Unreviewed advisories
All unreviewed
5,000+

87 advisories

Loading
Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions High
CVE-2025-59828 was published for @anthropic-ai/claude-code (npm) Sep 24, 2025
cai0duque
Flowise has unsandboxed remote code execution via Custom MCP High
GHSA-6933-jpx5-q87q was published for flowise (npm) Sep 15, 2025
assaf-levkovich-jf
Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation High
CVE-2025-57817 was published for ethyca-fides (pip) Sep 8, 2025
thabofletcher erosselli
daveqnet
UnoPim has Broken Access Control High
CVE-2025-55741 was published for unopim/unopim (Composer) Aug 22, 2025
0xcharb
HAX CMS API Lacks Authorization Checks High
CVE-2025-54378 was published for @haxtheweb/haxcms-nodejs (Composer) Jul 25, 2025
lfgberg
Backend.AI Missing Authorization vulnerability High
CVE-2025-49651 was published for backend.ai (pip) Jun 9, 2025
Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed High
CVE-2025-22235 was published for org.springframework.boot:spring-boot (Maven) Apr 28, 2025
The WikiManager REST API allows any user to create wikis High
CVE-2025-29926 was published for org.xwiki.platform:xwiki-platform-wiki-rest-default (Maven) Mar 19, 2025
Controller reconciles apps outside configured namespaces when sharding is enabled High
CVE-2023-22736 was published for github.com/argoproj/argo-cd/v2 (Go) Jan 25, 2023
czchen crenshaw-dev
Any user with view access to the XWiki space can change the authenticator High
CVE-2025-46557 was published for org.xwiki.platform:xwiki-platform-security-authentication-ui (Maven) Apr 30, 2025
Drupal OAuth2 Server Missing Authorization vulnerability High
CVE-2025-31691 was published for drupal/oauth2_server (Composer) Apr 1, 2025
Drupal Open Social Missing Authorization vulnerability High
CVE-2025-31686 was published for goalgorilla/open_social (Composer) Apr 1, 2025
Drupal Authenticator Login Missing Authorization vulnerability High
CVE-2025-31681 was published for drupal/alogin (Composer) Apr 1, 2025
CKAN contains Improper Authentication leading to account takeover High
CVE-2022-43685 was published for ckan (pip) Nov 22, 2022
Velociraptor vulnerable to Missing Authorization High
CVE-2023-0242 was published for www.velocidex.com/golang/velociraptor (Go) Jan 18, 2023
pgadmin4 vulnerable to Code Injection High
CVE-2022-4223 was published for pgadmin4 (pip) Dec 13, 2022
Mautic vulnerable to Improper Access Control in UI upgrade process High
CVE-2022-25768 was published for mautic/core (Composer) Sep 18, 2024
mollux escopecz
patrykgruszka
Missing permission checks in Jenkins Chaos Monkey Plugin High
CVE-2020-2322 was published for io.jenkins.plugins:chaos-monkey (Maven) May 24, 2022
NotMyFault anonymous-nlp-student
Authentication bypass for viewing and deletions of snapshots High
CVE-2021-39226 was published for github.com/grafana/grafana (Go) Oct 5, 2021
theblackturtle
Apache Airflow: Bypass permission verification to read code of other dags High
CVE-2023-50944 was published for apache-airflow (pip) Jan 24, 2024
Double spend in snarkjs High
CVE-2023-33252 was published for snarkjs (npm) May 22, 2023
Command injection in nevado-jms High
CVE-2023-31826 was published for org.skyscreamer:nevado-jms (Maven) May 23, 2023
Apache IoTDB grafana-connector contains an interface without authorization High
CVE-2022-38370 was published for org.apache.iotdb:iotdb-grafana-connector (Maven) Sep 6, 2022
Tryton Improper Access Control High
CVE-2019-10868 was published for trytond (pip) Apr 10, 2019
Script security bypass vulnerability in Jenkins Shared Library Version Override Plugin High
CVE-2024-52554 was published for io.jenkins.plugins:shared-library-version-override (Maven) Nov 13, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database