Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,911
Erlang
39
GitHub Actions
38
Go
2,569
Maven
5,000+
npm
4,245
NuGet
754
pip
4,006
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

86 advisories

Loading
A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/... Moderate Unreviewed
CVE-2025-11280 was published Oct 5, 2025
Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api... Moderate Unreviewed
CVE-2025-59797 was published Sep 22, 2025
AIML Solutions for HCL SX is vulnerable to a URL validation vulnerability.  The issue may allow... Moderate Unreviewed
CVE-2025-31971 was published Aug 28, 2025
Liferay Portal and Liferay DXP Organization Selector Does Not Check User Permissions Moderate
CVE-2023-3426 was published for com.liferay.portal:release.dxp.bom (Maven) Aug 2, 2023
In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint... Moderate Unreviewed
CVE-2025-53073 was published Jun 26, 2025
Direct request ('Forced Browsing') issue exists in iroha Board versions v0.10.12 and earlier. If... Moderate Unreviewed
CVE-2025-41404 was published Jun 26, 2025
Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within... Moderate Unreviewed
CVE-2025-52920 was published Jun 23, 2025
A vulnerability classified as problematic has been found in code-projects Automated Voting System... Moderate Unreviewed
CVE-2025-6352 was published Jun 20, 2025
Grokability Snipe-IT has incorrect authorization for accessing asset information Moderate
CVE-2025-47226 was published for snipe/snipe-it (Composer) May 2, 2025
reint_downloadmanager TYPO3 Extension is susceptible to Insecure Direct Object Reference Moderate
CVE-2025-48207 was published for renolit/reint-downloadmanager (Composer) May 21, 2025
The femanager TYPO3 extension allows Insecure Direct Object Reference Moderate
CVE-2025-48202 was published for in2code/femanager (Composer) May 21, 2025
The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure... Moderate Unreviewed
CVE-2022-40845 was published Nov 15, 2022
In Simple Exam Reviewer Management System v1.0 the User List function has improper access control... Moderate Unreviewed
CVE-2022-42197 was published Oct 20, 2022
Showdoc Unauthenticated Access Moderate
CVE-2018-19620 was published for showdoc/showdoc (Composer) May 13, 2022
cx-aditya-dixit
Credited to cx-aditya-dixit
Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET... Moderate Unreviewed
CVE-2022-28365 was published Apr 10, 2022
Ververica Platform 2.14.0 allows low-privileged users to access SQL connectors via a direct... Moderate Unreviewed
CVE-2025-46690 was published Apr 28, 2025
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users... Moderate Unreviewed
CVE-2025-27581 was published Apr 24, 2025
An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and... Moderate Unreviewed
CVE-2025-2595 was published Apr 23, 2025
An unauthenticated user can access Identity Manager’s management console specific page URLs.... Moderate Unreviewed
CVE-2022-25626 was published Jul 6, 2023
A vulnerability was found in Beijing Zhide Intelligent Internet Technology Modern Farm Digital... Moderate Unreviewed
CVE-2025-2147 was published Mar 10, 2025
A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE... Moderate Unreviewed
CVE-2023-44320 was published Nov 14, 2023
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted... Moderate Unreviewed
CVE-2021-26085 was published May 24, 2022
Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct... Moderate Unreviewed
CVE-2005-1688 was published May 1, 2022
phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images... Moderate Unreviewed
CVE-2004-2257 was published Apr 29, 2022
When following a redirect to a publicly accessible web extension file, the URL may have been... Moderate Unreviewed
CVE-2023-28160 was published Jun 2, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database