GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 4,968
  Erlang: 39
  GitHub Actions: 38
  Go: 2,616
  Maven: 5,000+
  npm: 4,255
  NuGet: 760
  pip: 4,040
  Pub: 12
  RubyGems: 953
  Rust: 1,050
  Swift: 45
Unreviewed advisories
  All unreviewed: 5,000+
            986 advisories
In Malwarebytes For Teams v.1.0.990 and before and fixed in v.1.0.1003 and later a privilege...
  Moderate, Unreviewed. CVE-2021-43768 was published Oct 24, 2025

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
  Moderate, Unreviewed. CVE-2025-62592 was published Oct 21, 2025

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
  Moderate, Unreviewed. CVE-2025-61759 was published Oct 21, 2025

Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability...
  Moderate, Unreviewed. CVE-2025-56747 was published Oct 14, 2025

python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any...
  Moderate, Unreviewed. CVE-2025-61152 was published Oct 10, 2025

FrostWire 6.14.0-build-326 for macOS contains permissive entitlements (allow-dyld-environment...
  Moderate, Unreviewed. CVE-2025-57443 was published Oct 2, 2025

A potential security vulnerability has been identified in the HP Support Assistant for versions...
  Moderate, Unreviewed. CVE-2025-10578 was published Oct 1, 2025

Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation....
  Moderate, Unreviewed. CVE-2025-57396 was published Sep 19, 2025

A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS...
  Moderate, Unreviewed. CVE-2025-40594 was published Sep 9, 2025

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper privilege management...
  Moderate, Unreviewed. CVE-2025-43722 was published Sep 8, 2025

An issue was discovered in Samsung Magician 6.3 through 8.3 on Windows. An attacker can achieve...
  Moderate, Unreviewed. CVE-2025-32098 was published Sep 5, 2025

frost-core: refresh shares with smaller min_signers will reduce security of group
  Moderate. CVE-2025-58359 was published for frost-core (Rust) Sep 3, 2025

Contao does not properly manage privileges for page and article fields
  Moderate. CVE-2025-57759 was published for contao/contao (Composer) Aug 28, 2025

Insufficient privilege verification in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime ...
  Moderate, Unreviewed. CVE-2025-55627 was published Aug 22, 2025

In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain...
  Moderate, Unreviewed. CVE-2025-27846 was published Aug 14, 2025

In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are...
  Moderate, Unreviewed. CVE-2025-27847 was published Aug 14, 2025

Privilege escalation occurs when a user gets access to more resources or functionality than they...
  Moderate, Unreviewed. CVE-2025-8660 was published Aug 11, 2025

Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)
  Moderate. CVE-2025-7784 was published for org.keycloak:keycloak-services (Maven) Jul 30, 2025

An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote attacker to escalate...
  Moderate, Unreviewed. CVE-2024-48730 was published Jul 25, 2025

In OceanBase's Oracle tenant mode, a malicious user with specific privileges can achieve...
  Moderate, Unreviewed. CVE-2025-8107 was published Jul 25, 2025

This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8...
  Moderate, Unreviewed. CVE-2025-22165 was published Jul 25, 2025

Duplicate Advisory: Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)
  Moderate. GHSA-83j7-mhw9-388w was published for org.keycloak:keycloak-services (Maven) Jul 18, 2025 • withdrawn

Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Credentials (for privileged...
  Moderate, Unreviewed. CVE-2025-32353 was published Jul 16, 2025

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
  Moderate, Unreviewed. CVE-2025-53025 was published Jul 15, 2025

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
  Moderate, Unreviewed. CVE-2025-53030 was published Jul 15, 2025
        
ProTip! Advisories are also available from the GraphQL API.