GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,386
Erlang
33
GitHub Actions
22
Go
2,141
Maven
5,000+
npm
3,803
NuGet
687
pip
3,480
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+
422 advisories
Filter by severity
Mautic allows Improper Authorization in Reporting API
High
CVE-2024-47053
was published
for
mautic/core
(Composer)
Feb 26, 2025
ansible-core Incorrect Authorization vulnerability
Moderate
CVE-2024-9902
was published
for
ansible-core
(pip)
Nov 6, 2024
Moodle allows teachers to evade trusttext config when restoring glossary entries
Low
CVE-2025-26532
was published
for
moodle/moodle
(Composer)
Feb 24, 2025
Moodle has an IDOR in badges allows disabling of arbitrary badges
Low
CVE-2025-26531
was published
for
moodle/moodle
(Composer)
Feb 24, 2025
Moodle's feedback response viewing and deletions did not respect Separate Groups mode
Moderate
CVE-2025-26526
was published
for
moodle/moodle
(Composer)
Feb 24, 2025
Mattermost fails to restrict channel export of archived channels
Moderate
CVE-2025-24526
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 24, 2025
Directus allows updates to non-allowed fields due to overlapping policies
Moderate
CVE-2025-27089
was published
for
@directus/api
(npm)
Feb 19, 2025
Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions
Moderate
CVE-2025-24860
was published
for
org.apache.cassandra:cassandra-all
(Maven)
Feb 4, 2025
Email Validation Bypass And Preventing Sign Up From Email's Owner
Moderate
CVE-2023-6152
was published
for
github.com/grafana/grafana
(Go)
Feb 13, 2024
Instaclustr Cassandra-Lucene-Index allows bypass of Cassandra RBAC
High
CVE-2025-26511
was published
for
com.instaclustr:cassandra-lucene-index-plugin
(Maven)
Feb 13, 2025
Apache Superset incorrect write permissions vulnerability
High
CVE-2023-49734
was published
for
apache-superset
(pip)
Dec 19, 2023
Duplicate Advisory: Apache Superset - Elevation of Privilege
Moderate
GHSA-392c-vjfv-h7wr
was published
for
apache-superset
(pip)
Nov 27, 2023
•
withdrawn
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes
Moderate
CVE-2023-47037
was published
for
apache-airflow
(pip)
Nov 12, 2023
Apache Airflow Incorrect Authorization vulnerability
Moderate
CVE-2023-40611
was published
for
apache-airflow
(pip)
Sep 12, 2023
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
Moderate
CVE-2024-24773
was published
for
apache-superset
(pip)
Feb 28, 2024
Apache Superset: Improper data authorization when creating a new dataset
Moderate
CVE-2024-24779
was published
for
apache-superset
(pip)
Feb 28, 2024
Apache Superset: Improper authorization validation on dashboards and charts import
Moderate
CVE-2024-26016
was published
for
apache-superset
(pip)
Feb 28, 2024
Apache Pulsar: Improper Authorization For Topic-Level Policy Management
Moderate
CVE-2024-28098
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Mar 12, 2024
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Low
CVE-2024-30260
was published
for
undici
(npm)
Apr 4, 2024
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
High
CVE-2024-27309
was published
for
org.apache.kafka:kafka-metadata
(Maven)
Apr 12, 2024
Apache Submarine Server Core Incorrect Authorization vulnerability
Critical
CVE-2024-36265
was published
for
apache-submarine
(Maven)
Jun 12, 2024
Broken Authentication in Atlassian Connect Express
High
CVE-2021-26073
was published
for
atlassian-connect-express
(npm)
May 24, 2022
Magento Open Source has Improper Access Control vulnerability
Moderate
CVE-2022-35692
was published
for
magento/community-edition
(Composer)
Aug 20, 2022
1Panel open source panel project has an unauthorized vulnerability.
Moderate
CVE-2024-27288
was published
for
github.com/1Panel-dev/1Panel
(Go)
Mar 6, 2024
Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled
High
CVE-2024-53949
was published
for
apache-superset
(pip)
Dec 9, 2024
ProTip!
Advisories are also available from the
GraphQL API