GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,383
Erlang
33
GitHub Actions
22
Go
2,140
Maven
5,000+
npm
3,800
NuGet
687
pip
3,478
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+
2,478 advisories
Filter by severity
Moodle's feedback response viewing and deletions did not respect Separate Groups mode
Moderate
CVE-2025-26526
was published
for
moodle/moodle
(Composer)
Feb 24, 2025
Moodle has an IDOR in badges allows disabling of arbitrary badges
Low
CVE-2025-26531
was published
for
moodle/moodle
(Composer)
Feb 24, 2025
Moodle allows teachers to evade trusttext config when restoring glossary entries
Low
CVE-2025-26532
was published
for
moodle/moodle
(Composer)
Feb 24, 2025
Mattermost fails to restrict channel export of archived channels
Moderate
CVE-2025-24526
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 24, 2025
The product performs an authorization check when an actor attempts to access a resource or...
High
Unreviewed
CVE-2024-5705
was published
Feb 20, 2025
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0
could allow an...
Moderate
Unreviewed
CVE-2024-45081
was published
Feb 19, 2025
Directus allows updates to non-allowed fields due to overlapping policies
Moderate
CVE-2025-27089
was published
for
@directus/api
(npm)
Feb 19, 2025
Insecure Permissions in Atos Eviden IDRA and IDCA before 2.7.0. A highly trusted role (Config...
Moderate
Unreviewed
CVE-2024-39328
was published
Feb 18, 2025
app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.
Moderate
Unreviewed
CVE-2024-57969
was published
Feb 14, 2025
Instaclustr Cassandra-Lucene-Index allows bypass of Cassandra RBAC
High
CVE-2025-26511
was published
for
com.instaclustr:cassandra-lucene-index-plugin
(Maven)
Feb 13, 2025
Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace...
High
Unreviewed
CVE-2025-0937
was published
Feb 12, 2025
Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8...
Moderate
Unreviewed
CVE-2025-0516
was published
Feb 12, 2025
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are...
Moderate
Unreviewed
CVE-2025-24421
was published
Feb 11, 2025
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are...
High
Unreviewed
CVE-2025-24407
was published
Feb 11, 2025
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are...
Moderate
Unreviewed
CVE-2025-24419
was published
Feb 11, 2025
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are...
Moderate
Unreviewed
CVE-2025-24420
was published
Feb 11, 2025
The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain...
Moderate
Unreviewed
CVE-2025-24872
was published
Feb 11, 2025
SAP NetWeaver Application Server Java allows an attacker to access an endpoint that can disclose...
Moderate
Unreviewed
CVE-2025-24869
was published
Feb 11, 2025
An authorization issue was addressed with improved state management. This issue is fixed in...
High
Unreviewed
CVE-2025-24200
was published
Feb 10, 2025
An error when handling authorization related to the import / export interfaces on the RISC...
Moderate
Unreviewed
CVE-2021-41528
was published
Feb 7, 2025
Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions
Moderate
CVE-2025-24860
was published
for
org.apache.cassandra:cassandra-all
(Maven)
Feb 4, 2025
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function....
High
Unreviewed
CVE-2024-57433
was published
Feb 1, 2025
macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users...
High
Unreviewed
CVE-2024-57434
was published
Feb 1, 2025
SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on...
Critical
Unreviewed
CVE-2024-47857
was published
Jan 31, 2025
macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys...
Critical
Unreviewed
CVE-2024-57432
was published
Jan 31, 2025
ProTip!
Advisories are also available from the
GraphQL API