Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

6,768 advisories

Loading
In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules are improperly enforced on... Moderate Unreviewed
CVE-2025-12148 was published Oct 29, 2025
NextAuthjs Email misdelivery Vulnerability Moderate
GHSA-5jpx-9hw9-2fx4 was published for next-auth (npm) Oct 29, 2025
rootxjs
Credited to rootxjs
The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions... Moderate Unreviewed
CVE-2023-7320 was published Oct 29, 2025
BBOT's gitlab.py exposes globally configured "gitlab" API key Moderate
CVE-2025-10282 was published for bbot (pip) Oct 27, 2025
justinsteven
Credited to justinsteven
A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the... Moderate Unreviewed
CVE-2025-12297 was published Oct 27, 2025
A vulnerability was detected in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca.... Moderate Unreviewed
CVE-2025-12276 was published Oct 27, 2025
The eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams plugin for WordPress... Moderate Unreviewed
CVE-2025-11760 was published Oct 25, 2025
An issue was discovered in BAE SOCET GXP before 4.6.0.2. Some endpoints on the SOCET GXP Job... Moderate Unreviewed
CVE-2025-54966 was published Oct 23, 2025
Moodle exposed the names of hidden groups to users Moderate
CVE-2025-62400 was published for moodle/moodle (Composer) Oct 23, 2025
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... Moderate Unreviewed
CVE-2025-61764 was published Oct 21, 2025
Vulnerability in the Oracle Life Sciences InForm product of Oracle Health Sciences Applications ... Moderate Unreviewed
CVE-2025-61885 was published Oct 21, 2025
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component:... Moderate Unreviewed
CVE-2025-61750 was published Oct 21, 2025
Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported... Moderate Unreviewed
CVE-2025-53047 was published Oct 21, 2025
Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle... Moderate Unreviewed
CVE-2025-50074 was published Oct 21, 2025
An unauthenticated Local File Inclusion (LFI) vulnerability in D-Link DSR series routers allows... Moderate Unreviewed
CVE-2025-60344 was published Oct 21, 2025
Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to... Moderate Unreviewed
CVE-2025-6239 was published Oct 21, 2025
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia... Moderate Unreviewed
CVE-2025-62699 was published Oct 21, 2025
A flaw has been found in Das Parking Management System 停车场管理系统 6.2.0. Affected is an unknown... Moderate Unreviewed
CVE-2025-9843 was published Oct 20, 2025
Some Honor products are affected by information leak vulnerability, successful exploitation of... Moderate Unreviewed
CVE-2025-57838 was published Oct 20, 2025
Photo module is affected by information leak vulnerability, successful exploitation of this... Moderate Unreviewed
CVE-2025-57839 was published Oct 20, 2025
The PowerBI Embed Reports plugin for WordPress is vulnerable to Sensitive Information Disclosure... Moderate Unreviewed
CVE-2025-10750 was published Oct 18, 2025
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia... Moderate Unreviewed
CVE-2025-62669 was published Oct 18, 2025
Strapi core vulnerable to sensitive data exposure via CORS misconfiguration Moderate
CVE-2025-53092 was published for @strapi/core (npm) Oct 16, 2025
ghostvirus62 derrickmehaffy
alexandrebodin innerdvations
Credited to ghostvirus62, derrickmehaffy, alexandrebodin, and innerdvations
The External Login plugin for WordPress is vulnerable to sensitive information exposure in all... Moderate Unreviewed
CVE-2025-11196 was published Oct 15, 2025
Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual... Moderate Unreviewed
CVE-2025-59260 was published Oct 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database