Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,700
Maven
5,000+
npm
4,327
NuGet
761
pip
4,099
Pub
12
RubyGems
958
Rust
1,064
Swift
45
Unreviewed advisories
All unreviewed
5,000+

91 advisories

Loading
The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in... Critical Unreviewed
CVE-2025-13615 was published Nov 30, 2025
Authorization Bypass Through User-Controlled Key vulnerability in kamleshyadav Miraculous Core... Critical Unreviewed
CVE-2025-58627 was published Nov 6, 2025
Lost and Found Information System 1.0 allows account takeover via username and password to a ... Critical Unreviewed
CVE-2023-38965 was published Nov 3, 2023
Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand... Critical Unreviewed
CVE-2025-0987 was published Nov 3, 2025
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via... Critical Unreviewed
CVE-2025-5947 was published Aug 1, 2025
The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in... Critical Unreviewed
CVE-2025-10742 was published Oct 16, 2025
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ariva Computer Accord... Critical Unreviewed
CVE-2024-1744 was published Sep 6, 2024
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via... Critical Unreviewed
CVE-2025-5948 was published Sep 19, 2025
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to... Critical Unreviewed
CVE-2025-9114 was published Sep 8, 2025
An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash... Critical Unreviewed
CVE-2025-45968 was published Aug 25, 2025
An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows... Critical Unreviewed
CVE-2024-11167 was published Mar 20, 2025
The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion... Critical Unreviewed
CVE-2025-4855 was published Jul 9, 2025
HashiCorp Vault vulnerable to incorrect metadata access Critical
CVE-2022-40186 was published for github.com/hashicorp/vault (Go) Sep 23, 2022
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2025-3605 was published May 9, 2025
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in... Critical Unreviewed
CVE-2025-3811 was published May 9, 2025
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in... Critical Unreviewed
CVE-2025-3810 was published May 9, 2025
This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on... Critical Unreviewed
CVE-2025-42605 was published Apr 23, 2025
RSFirewall tries to identify the original IP address by looking at different HTTP headers. A... Critical Unreviewed
CVE-2021-4226 was published Dec 15, 2022
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in... Critical Unreviewed
CVE-2024-11284 was published Mar 14, 2025
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in... Critical Unreviewed
CVE-2024-11285 was published Mar 14, 2025
IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations Critical
CVE-2025-27507 was published for github.com/zitadel/zitadel (Go) Mar 4, 2025
amit-laish livio-a
fforootd adlerhurst
Credited to amit-laish, livio-a, fforootd, and adlerhurst
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct... Critical Unreviewed
CVE-2024-50693 was published Feb 26, 2025
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct... Critical Unreviewed
CVE-2024-50687 was published Feb 26, 2025
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct... Critical Unreviewed
CVE-2024-50689 was published Feb 26, 2025
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct... Critical Unreviewed
CVE-2024-50686 was published Feb 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database