Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,698
Maven
5,000+
npm
4,325
NuGet
761
pip
4,099
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

280 advisories

Loading
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification... Critical Unreviewed
CVE-2025-13342 was published Dec 3, 2025
Mautic user without privileged access to the Marketplace can install and uninstall composer packages Critical
CVE-2025-13828 was published for mautic/core (Composer) Dec 2, 2025
driskell escopecz
patrykgruszka
Credited to driskell, escopecz, and patrykgruszka
An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from... Critical Unreviewed
CVE-2025-65669 was published Nov 26, 2025
Missing Authorization vulnerability in sertifier Sertifier Certificate & Badge Maker sertifier... Critical Unreviewed
CVE-2025-53214 was published Nov 6, 2025
The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a... Critical Unreviewed
CVE-2025-12158 was published Nov 4, 2025
The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for... Critical Unreviewed
CVE-2025-11833 was published Nov 1, 2025
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in... Critical Unreviewed
CVE-2025-64348 was published Oct 31, 2025
Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH... Critical Unreviewed
CVE-2023-7317 was published Oct 31, 2025
Missing Authorization vulnerability in gerritvanaaken Podlove Web Player podlove-web-player... Critical Unreviewed
CVE-2025-62908 was published Oct 27, 2025
Missing Authorization vulnerability in Mark O'Donnell MSTW CSV EXPORTER mstw-csv-exporter allows... Critical Unreviewed
CVE-2025-62944 was published Oct 27, 2025
Missing Authorization vulnerability in epiphanyit321 Referral Link Tracker referral-link-tracker... Critical Unreviewed
CVE-2025-62906 was published Oct 27, 2025
Missing Authorization vulnerability in themeshopy TS Demo Importer ts-demo-importer allows... Critical Unreviewed
CVE-2025-62919 was published Oct 27, 2025
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart... Critical Unreviewed
CVE-2025-62892 was published Oct 27, 2025
Karmada Dashboard API Unauthorized Access Vulnerability Critical
CVE-2025-62714 was published for github.com/karmada-io/dashboard (Go) Oct 24, 2025
warjiang noxosd
RainbowMango
Credited to warjiang, noxosd, and RainbowMango
Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter... Critical Unreviewed
CVE-2025-53424 was published Oct 22, 2025
Missing Authorization vulnerability in Wikimedia Foundation Wikipedia Preview wikipedia-preview... Critical Unreviewed
CVE-2025-52738 was published Oct 22, 2025
Melis Platform CMS Unauthenticated Admin Account Creation Critical
CVE-2025-10352 was published for melisplatform/melis-core (Composer) Oct 8, 2025
ivansmc00
Credited to ivansmc00
The Custom Searchable Data Entry System plugin for WordPress is vulnerable to unauthenticated... Critical Unreviewed
CVE-2020-36852 was published Oct 1, 2025
A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11... Critical Unreviewed
CVE-2025-54943 was published Sep 25, 2025
The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is... Critical Unreviewed
CVE-2025-9054 was published Sep 24, 2025
The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to unauthorized... Critical Unreviewed
CVE-2025-10690 was published Sep 19, 2025
Missing Authorization vulnerability in Hamid Alinia Login with phone number.This issue affects... Critical Unreviewed
CVE-2024-32832 was published Aug 31, 2025
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user... Critical Unreviewed
CVE-2025-52352 was published Aug 21, 2025
The Taxi Booking Manager for Woocommerce | E-cab plugin for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2025-8898 was published Aug 16, 2025
Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform... Critical Unreviewed
CVE-2025-50171 was published Aug 12, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database