GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,275
Composer 4,908
Erlang 39
GitHub Actions 38
Go 2,568
Maven 6,036
npm 4,240
NuGet 754
pip 4,004
Pub 12
RubyGems 953
Rust 1,042
Swift 45

Unreviewed advisories

All unreviewed 273,848

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

86 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/... Moderate Unreviewed

CVE-2025-11280 was published Oct 5, 2025

Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api... Moderate Unreviewed

CVE-2025-59797 was published Sep 22, 2025

AIML Solutions for HCL SX is vulnerable to a URL validation vulnerability. The issue may allow... Moderate Unreviewed

CVE-2025-31971 was published Aug 28, 2025

In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint... Moderate Unreviewed

CVE-2025-53073 was published Jun 26, 2025

Direct request ('Forced Browsing') issue exists in iroha Board versions v0.10.12 and earlier. If... Moderate Unreviewed

CVE-2025-41404 was published Jun 26, 2025

Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within... Moderate Unreviewed

CVE-2025-52920 was published Jun 23, 2025

A vulnerability classified as problematic has been found in code-projects Automated Voting System... Moderate Unreviewed

CVE-2025-6352 was published Jun 20, 2025

reint_downloadmanager TYPO3 Extension is susceptible to Insecure Direct Object Reference Moderate

CVE-2025-48207 was published for renolit/reint-downloadmanager (Composer) May 21, 2025

The femanager TYPO3 extension allows Insecure Direct Object Reference Moderate

CVE-2025-48202 was published for in2code/femanager (Composer) May 21, 2025

Grokability Snipe-IT has incorrect authorization for accessing asset information Moderate

CVE-2025-47226 was published for snipe/snipe-it (Composer) May 2, 2025

Ververica Platform 2.14.0 allows low-privileged users to access SQL connectors via a direct... Moderate Unreviewed

CVE-2025-46690 was published Apr 28, 2025

NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users... Moderate Unreviewed

CVE-2025-27581 was published Apr 24, 2025

An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and... Moderate Unreviewed

CVE-2025-2595 was published Apr 23, 2025

A vulnerability was found in Beijing Zhide Intelligent Internet Technology Modern Farm Digital... Moderate Unreviewed

CVE-2025-2147 was published Mar 10, 2025

Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests... Moderate Unreviewed

CVE-2024-55075 was published Jan 6, 2025

A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is... Moderate Unreviewed

CVE-2024-11049 was published Nov 10, 2024

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been... Moderate Unreviewed

CVE-2024-7753 was published Aug 14, 2024

An improper authentication vulnerability affecting Vonets industrial wifi bridge relays... Moderate Unreviewed

CVE-2024-42001 was published Aug 12, 2024

A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719.... Moderate Unreviewed

CVE-2024-7153 was published Jul 28, 2024

A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been declared... Moderate Unreviewed

CVE-2024-7080 was published Jul 24, 2024

A vulnerability classified as problematic has been found in Parsec Automation TrakSYS 11.x.x.... Moderate Unreviewed

CVE-2024-6414 was published Jun 30, 2024

A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic.... Moderate Unreviewed

CVE-2024-6188 was published Jun 20, 2024

Silverstripe Missing security check on dev/build/defaults Moderate

GHSA-x5w2-wcr8-9q45 was published for silverstripe/framework (Composer) May 23, 2024

Silverstripe Forum Module CSRF Vulnerability Moderate

GHSA-w8fq-xgvh-cxc2 was published for silverstripe/forum (Composer) May 23, 2024

Mautic uses predictable page indices for unpublished landing pages, their content can be accessed... Moderate Unreviewed

CVE-2024-2730 was published Apr 10, 2024

Previous1…4 Next

Previous 1 2 3 4 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

86 advisories