Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,701
Maven
5,000+
npm
4,328
NuGet
761
pip
4,103
Pub
12
RubyGems
958
Rust
1,064
Swift
45
Unreviewed advisories
All unreviewed
5,000+

89 advisories

Loading
Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel Moderate
CVE-2025-66306 was published for getgrav/grav (Composer) Dec 2, 2025
ElvinNuruyev
Credited to ElvinNuruyev
Clerk-js vulnerable to bypass of OAuth authentication flow by manipulating request at OTP verification stage Moderate
CVE-2025-63700 was published for @clerk/clerk-js (npm) Nov 20, 2025
Liferay is Vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2025-62252 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Oct 13, 2025
Liferay Account Admin Web vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2025-62242 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025
Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2025-62241 was published for com.liferay.commerce:com.liferay.commerce.order.content.web (Maven) Oct 13, 2025
Liferay Publications vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2025-62244 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025
Liferay Portal Vulnerable to IDOR via audit events Moderate
CVE-2025-43827 was published for com.liferay:com.liferay.portal.security.audit.storage.service (Maven) Sep 30, 2025
Liferay Portal and DXP allows users to add a note to a different virtual instance Moderate
CVE-2025-43810 was published for com.liferay.commerce:com.liferay.commerce.service (Maven) Sep 23, 2025
Liferay Contacts Center widget has insecure direct object reference Moderate
CVE-2025-43803 was published for com.liferay:com.liferay.contacts.web (Maven) Sep 19, 2025
Liferay Portal API Allows Authenticated Users to Access Workflow Definitions by Name Moderate
CVE-2025-43782 was published for com.liferay:com.liferay.portal.workflow.kaleo.runtime.integration.impl (Maven) Sep 11, 2025
Indico may disclose unauthorized user details access via legacy API Moderate
CVE-2025-59034 was published for indico (pip) Sep 10, 2025
inkz
Credited to inkz
Liferay Portal Vulnerable to Insecure Direct Object Reference Moderate
CVE-2025-43732 was published for com.liferay:com.liferay.roles.selector.web (Maven) Aug 18, 2025
Femanager extension for TYPO3 allows Insecure Direct Object Reference Moderate
CVE-2025-7900 was published for in2code/femanager (Composer) Jul 22, 2025
Powermail extension for TYPO3 allows Insecure Direct Object Reference Moderate
CVE-2025-7899 was published for in2code/powermail (Composer) Jul 22, 2025
Indico vulnerability allows attackers to bulk dump user details Moderate
CVE-2025-53640 was published for indico (pip) Jul 14, 2025
rafaelcorvino1 rildosouza
nmmorette
Credited to rafaelcorvino1, rildosouza, and nmmorette
reint_downloadmanager TYPO3 Extension is susceptible to Insecure Direct Object Reference Moderate
CVE-2025-48207 was published for renolit/reint-downloadmanager (Composer) May 21, 2025
The femanager TYPO3 extension allows Insecure Direct Object Reference Moderate
CVE-2025-48202 was published for in2code/femanager (Composer) May 21, 2025
Grokability Snipe-IT has incorrect authorization for accessing asset information Moderate
CVE-2025-47226 was published for snipe/snipe-it (Composer) May 2, 2025
Moodle has an IDOR in web service which allows users enrolled in a course to access some details of other users Moderate
CVE-2025-3640 was published for moodle/moodle (Composer) Apr 25, 2025
Moodle allows IDOR in RSS block, which allows access to additional RSS feeds Moderate
CVE-2025-3636 was published for moodle/moodle (Composer) Apr 25, 2025
Security Update for the OPC UA .NET Standard Stack Moderate
CVE-2024-42512 was published for OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) Mar 3, 2025
TomTervoort AnonySE26
Credited to TomTervoort and AnonySE26
TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc) Moderate
CVE-2025-24856 was published for causal/oidc (Composer) Jan 28, 2025
Indico Insecure Access Moderate
CVE-2024-50633 was published for indico (pip) Jan 16, 2025
khoj has an IDOR in subscription management allows unauthorized subscription modifications Moderate
CVE-2024-52294 was published for khoj (pip) Dec 30, 2024
adventure8812 r0path
Credited to adventure8812 and r0path
Oqtane Framework Insecure Direct Object Reference vulnerability Moderate
CVE-2024-55471 was published for Oqtane.Framework (NuGet) Dec 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database