Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

385 advisories

Loading
An improper authorization vulnerability [CWE-285] in Fortinet FortiOS version 7.4.0 through 7.4.1... Moderate Unreviewed
CVE-2025-54822 was published Oct 14, 2025
A vulnerability was detected in zhuimengshaonian wisdom-education up to 1.0.4. The affected... Moderate Unreviewed
CVE-2025-11321 was published Oct 6, 2025
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-11227 was published Oct 4, 2025
Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id. Moderate Unreviewed
CVE-2025-59686 was published Oct 1, 2025
A flaw has been found in Sistemas Pleno Gestão de Locação up to 2025.7.x. The impacted element is... Moderate Unreviewed
CVE-2025-10947 was published Sep 25, 2025
A vulnerability was detected in Webkul QloApps up to 1.7.0. This affects an unknown function of... Moderate Unreviewed
CVE-2025-10759 was published Sep 22, 2025
Authorization Bypass Through User-Controlled Key, CWE - 862 - Missing Authorization, – Improper... Moderate Unreviewed
CVE-2025-8532 was published Sep 19, 2025
Authorization Bypass Through User-Controlled Key, Externally Controlled Reference to a Resource... Moderate Unreviewed
CVE-2025-8057 was published Sep 16, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8. An... Moderate Unreviewed
CVE-2025-43231 was published Sep 16, 2025
In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation... Moderate Unreviewed
CVE-2025-6088 was published Sep 11, 2025
A vulnerability was found in macrozheng mall up to 1.0.3. This vulnerability affects the function... Moderate Unreviewed
CVE-2025-9836 was published Sep 3, 2025
A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function... Moderate Unreviewed
CVE-2025-9835 was published Sep 3, 2025
The LWSCache plugin for WordPress is vulnerable to unauthorized modification of data due to... Moderate Unreviewed
CVE-2025-8147 was published Aug 29, 2025
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-7221 was published Aug 21, 2025
Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to access Moderate
CVE-2025-55675 was published for apache-superset (pip) Aug 14, 2025
A vulnerability, which was classified as problematic, has been found in LitmusChaos Litmus up to... Moderate Unreviewed
CVE-2025-8794 was published Aug 10, 2025
A vulnerability was found in Portabilis i-Educar up to 2.9.0. It has been classified as... Moderate Unreviewed
CVE-2025-8789 was published Aug 10, 2025
A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This... Moderate Unreviewed
CVE-2025-8755 was published Aug 9, 2025
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive... Moderate Unreviewed
CVE-2025-8401 was published Jul 31, 2025
OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0 Moderate
CVE-2021-21411 was published for github.com/oauth2-proxy/oauth2-proxy/v7 (Go) Jul 30, 2025
bohrasd
Credited to bohrasd
A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 and classified as critical.... Moderate Unreviewed
CVE-2025-7938 was published Jul 21, 2025
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web... Moderate Unreviewed
CVE-2025-50073 was published Jul 15, 2025
Directus' insufficient permission checks can enable unauthenticated users to manually trigger Flows Moderate
CVE-2025-53889 was published for directus (npm) Jul 15, 2025
licitdev
Credited to licitdev
Secure-upload is a data submission service that validates single-use tokens when accepting... Moderate Unreviewed
CVE-2025-53709 was published Jul 10, 2025
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)... Moderate Unreviewed
CVE-2025-20264 was published Jun 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database