GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
959 advisories
GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference (IDOR)...
  High | Unreviewed | CVE-2025-34293 was published Oct 25, 2025
Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and...
  High | Unreviewed | CVE-2025-11957 was published Oct 22, 2025
Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows...
  High | Unreviewed | CVE-2025-49952 was published Oct 22, 2025
The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for...
  Moderate | Unreviewed | CVE-2025-6833 was published Oct 22, 2025
The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to...
  Moderate | Unreviewed | CVE-2025-10570 was published Oct 22, 2025
Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object...
  Moderate | Unreviewed | CVE-2025-60511 was published Oct 21, 2025
Authorization Bypass Through User-Controlled Key vulnerability in VHS Electronic Software Ltd. Co...
  Moderate | Unreviewed | CVE-2025-8884 was published Oct 20, 2025
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization...
  Moderate | Unreviewed | CVE-2025-11519 was published Oct 18, 2025
The Event Tickets and Registration plugin for WordPress is vulnerable to payment bypass in all...
  High | Unreviewed | CVE-2025-11517 was published Oct 18, 2025
The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Information...
  Moderate | Unreviewed | CVE-2025-11741 was published Oct 18, 2025
The Binary MLM Plan plugin for WordPress is vulnerable to insecure direct object reference in...
  Moderate | Unreviewed | CVE-2025-11895 was published Oct 17, 2025
Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by an Insecure Direct Object...
  Moderate | Unreviewed | CVE-2025-9559 was published Oct 16, 2025
Strapi Allows Unauthorized Access to Private Fields via parms.lookup
  High | CVE-2024-56143 was published for @strapi/core (npm) Oct 16, 2025
The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in...
  Critical | Unreviewed | CVE-2025-10742 was published Oct 16, 2025
Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This...
  High | Unreviewed | CVE-2025-41020 was published Oct 16, 2025
The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference...
  Moderate | Unreviewed | CVE-2025-11176 was published Oct 15, 2025
A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server...
  Moderate | Unreviewed | CVE-2025-40773 was published Oct 14, 2025
Liferay is Vulnerable to Authorization Bypass Through User-Controlled Key
  Moderate | CVE-2025-62252 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Oct 13, 2025
Liferay Account Admin Web vulnerable to Authorization Bypass Through User-Controlled Key
  Moderate | CVE-2025-62242 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025
Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key
  Moderate | CVE-2025-62241 was published for com.liferay.commerce:com.liferay.commerce.order.content.web (Maven) Oct 13, 2025
Liferay Publications vulnerable to Authorization Bypass Through User-Controlled Key
  Moderate | CVE-2025-62244 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025
Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import...
  High | Unreviewed | CVE-2025-9902 was published Oct 13, 2025
HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR)....
  Moderate | Unreviewed | CVE-2025-31997 was published Oct 12, 2025
The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct...
  Moderate | Unreviewed | CVE-2025-11518 was published Oct 11, 2025
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for...
  High | Unreviewed | CVE-2025-6038 was published Oct 9, 2025
ProTip! Advisories are also available from the GraphQL API.