GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,472
Erlang: 33
GitHub Actions: 24
Go: 2,187
Maven: 5,000+
npm: 3,841
NuGet: 696
pip: 3,609
Pub: 12
RubyGems: 911
Rust: 910
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
2,687 advisories
A vulnerability was found in phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4. It has been rated...
Moderate | Unreviewed | CVE-2025-2607 was published Mar 21, 2025
A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been...
Moderate | Unreviewed | CVE-2025-2606 was published Mar 21, 2025
An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to view any files. The...
Moderate | Unreviewed | CVE-2024-9617 was published Mar 20, 2025
In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where...
High | Unreviewed | CVE-2024-9098 was published Mar 20, 2025
lunary-ai/lunary version v1.4.25 contains an improper access control vulnerability in the POST ...
Critical | Unreviewed | CVE-2024-8999 was published Mar 20, 2025
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy,...
High | Unreviewed | CVE-2024-8613 was published Mar 20, 2025
In version 0.4.1 of danswer-ai/danswer, a vulnerability exists where a basic user can create...
Moderate | Unreviewed | CVE-2024-8057 was published Mar 20, 2025
An improper access control vulnerability exists in danswer-ai/danswer version v0.3.94. This...
Moderate | Unreviewed | CVE-2024-7767 was published Mar 20, 2025
A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2....
Moderate | Unreviewed | CVE-2024-7476 was published Mar 20, 2025
In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. On...
Moderate | Unreviewed | CVE-2024-7040 was published Mar 20, 2025
Due to a lack of access control, unauthorized users are able to view and modify information...
High | Unreviewed | CVE-2024-2292 was published Mar 20, 2025
In lunary-ai/lunary before version 1.6.3, an improper access control vulnerability exists where a...
High | Unreviewed | CVE-2024-11300 was published Mar 20, 2025
GPT Academy version 3.83 in the binary-husky/gpt_academic repository is vulnerable to Cross-Site...
High | Unreviewed | CVE-2024-10956 was published Mar 20, 2025
An Insecure Direct Object Reference (IDOR) vulnerability exists in the `PATCH /v1/runs/:id/score`...
High | Unreviewed | CVE-2024-11137 was published Mar 20, 2025
A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic1111/stable-diffusion-webui...
Critical | Unreviewed | CVE-2024-11045 was published Mar 20, 2025
An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows...
Critical | Unreviewed | CVE-2024-11167 was published Mar 20, 2025
In version 1.5.5 of lunary-ai/lunary, a vulnerability exists where admins, who do not have direct...
High | Unreviewed | CVE-2024-10275 was published Mar 20, 2025
In version 0.7.5 of danny-avila/LibreChat, there is an improper access control vulnerability....
Moderate | Unreviewed | CVE-2024-10363 was published Mar 20, 2025
In lunary-ai/lunary version 1.5.6, the `/v1/evaluators/` endpoint lacks proper access control,...
Moderate | Unreviewed | CVE-2024-10330 was published Mar 20, 2025
An improper access control vulnerability (IDOR) exists in the delete attachments functionality of...
High | Unreviewed | CVE-2024-10366 was published Mar 20, 2025
lunary-ai/lunary is vulnerable to broken access control in the latest version. An attacker can...
High | Unreviewed | CVE-2024-10272 was published Mar 20, 2025
An issue was discovered on IROAD Dashcam V devices. It uses an unregistered public domain name as...
Critical | Unreviewed | CVE-2025-30132 was published Mar 18, 2025
Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024...
High | Unreviewed | CVE-2025-25585 was published Mar 18, 2025
An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS...
Critical | Unreviewed | CVE-2023-47539 was published Mar 18, 2025
ProTip! Advisories are also available from the GraphQL API.