GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
978 advisories
A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS...
Moderate • Unreviewed • CVE-2025-40594 was published Sep 9, 2025

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper privilege management...
Moderate • Unreviewed • CVE-2025-43722 was published Sep 8, 2025

Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to...
Moderate • Unreviewed • CVE-2025-2713 was published Mar 28, 2025

An issue was discovered in Samsung Magician 6.3 through 8.3 on Windows. An attacker can achieve...
Moderate • Unreviewed • CVE-2025-32098 was published Sep 5, 2025

frost-core: refresh shares with smaller min_signers will reduce security of group
Moderate • CVE-2025-58359 was published for frost-core (Rust) Sep 3, 2025

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that...
Moderate • Unreviewed • CVE-2024-3470 was published Apr 19, 2024

An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that...
Moderate • Unreviewed • CVE-2024-1908 was published Mar 21, 2024

Contao does not properly manage privileges for page and article fields
Moderate • CVE-2025-57759 was published for contao/contao (Composer) Aug 28, 2025

Insufficient privilege verification in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime ...
Moderate • Unreviewed • CVE-2025-55627 was published Aug 22, 2025

Improper Privilege Management in Sprecher Automation SPRECON-E below version 8.71j allows a...
Moderate • Unreviewed • CVE-2024-6758 was published Aug 12, 2024

In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain...
Moderate • Unreviewed • CVE-2025-27846 was published Aug 14, 2025

In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are...
Moderate • Unreviewed • CVE-2025-27847 was published Aug 14, 2025

Privilege escalation occurs when a user gets access to more resources or functionality than they...
Moderate • Unreviewed • CVE-2025-8660 was published Aug 11, 2025

Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File...
Moderate • Unreviewed • CVE-2025-0651 was published Jan 22, 2025

This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8...
Moderate • Unreviewed • CVE-2025-22165 was published Jul 25, 2025

Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)
Moderate • CVE-2025-7784 was published for org.keycloak:keycloak-services (Maven) Jul 30, 2025

Duplicate Advisory: Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)
Moderate • GHSA-83j7-mhw9-388w was published for org.keycloak:keycloak-services (Maven) Jul 18, 2025 • withdrawn

Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Credentials (for privileged...
Moderate • Unreviewed • CVE-2025-32353 was published Jul 16, 2025

An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote attacker to escalate...
Moderate • Unreviewed • CVE-2024-48730 was published Jul 25, 2025

In OceanBase's Oracle tenant mode, a malicious user with specific privileges can achieve...
Moderate • Unreviewed • CVE-2025-8107 was published Jul 25, 2025

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle...
Moderate • Unreviewed • CVE-2025-50061 was published Jul 15, 2025

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
Moderate • Unreviewed • CVE-2025-50064 was published Jul 15, 2025

Liferay Portal and Liferay DXP Fails to Check Permissions in Translation Module
Moderate • CVE-2022-38512 was published for com.liferay.portal:release.dxp.bom (Maven) Sep 23, 2022

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
Moderate • Unreviewed • CVE-2025-53025 was published Jul 15, 2025

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). ...
Moderate • Unreviewed • CVE-2025-53026 was published Jul 15, 2025
ProTip! Advisories are also available from the GraphQL API