Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

768 advisories

Loading
Improper authorization in the background migration endpoints of Langfuse 3.1 before d67b317... High Unreviewed
CVE-2025-59305 was published Sep 24, 2025
A flaw has been found in Sistemas Pleno Gestão de Locação up to 2025.7.x. The impacted element is... Moderate Unreviewed
CVE-2025-10947 was published Sep 25, 2025
kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace Low
GHSA-q6hv-wcjr-wp8h was published for github.com/kcp-dev/kcp (Go) Sep 26, 2025
SimonTheLeg embik
Credited to SimonTheLeg and embik
Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id. Moderate Unreviewed
CVE-2025-59686 was published Oct 1, 2025
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-11227 was published Oct 4, 2025
A vulnerability was detected in zhuimengshaonian wisdom-education up to 1.0.4. The affected... Moderate Unreviewed
CVE-2025-11321 was published Oct 6, 2025
XWiki OIDC Authenticator: Users with "view" access can create tokens for any users they can view Critical
CVE-2025-49594 was published for org.xwiki.contrib.oidc:oidc-authenticator (Maven) Oct 6, 2025
Casdoor is vulnerable to Improper Authorization High
CVE-2025-61524 was published for github.com/casdoor/casdoor (Go) Oct 8, 2025
Better Auth: Unauthenticated API key creation through api-key plugin Critical
CVE-2025-61928 was published for better-auth (npm) Oct 9, 2025
etiennelunetta
Credited to etiennelunetta
Redis Enterprise Elevation of Privilege Vulnerability High Unreviewed
CVE-2025-59271 was published Oct 9, 2025
An improper authorization vulnerability [CWE-285] in Fortinet FortiOS version 7.4.0 through 7.4.1... Moderate Unreviewed
CVE-2025-54822 was published Oct 14, 2025
The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2025-11510 was published Oct 18, 2025
The Kognetiks Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due... Moderate Unreviewed
CVE-2025-11256 was published Oct 18, 2025
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component:... Moderate Unreviewed
CVE-2025-53056 was published Oct 21, 2025
Hono Improper Authorization vulnerability High
CVE-2025-62610 was published for hono (npm) Oct 22, 2025
okazu-dm
Credited to okazu-dm
Jira Align is vulnerable to an authorization issue. A low-privilege user is able to alter the... Moderate Unreviewed
CVE-2025-22171 was published Oct 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user without sufficient... Moderate Unreviewed
CVE-2025-22170 was published Oct 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected... Moderate Unreviewed
CVE-2025-22169 was published Oct 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected... Moderate Unreviewed
CVE-2025-22168 was published Oct 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected... Moderate Unreviewed
CVE-2025-22172 was published Oct 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected... Moderate Unreviewed
CVE-2025-22174 was published Oct 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected... Moderate Unreviewed
CVE-2025-22177 was published Oct 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected... Moderate Unreviewed
CVE-2025-22173 was published Oct 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected... Moderate Unreviewed
CVE-2025-22176 was published Oct 22, 2025
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected... Moderate Unreviewed
CVE-2025-22175 was published Oct 22, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database