Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

301,518 advisories

Loading
Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an... Low Unreviewed
CVE-2025-42914 was published Sep 9, 2025
SAP HCM My Timesheet Fiori 2.0 application does not perform necessary authorization checks for an... Moderate Unreviewed
CVE-2025-42912 was published Sep 9, 2025
A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is the... High Unreviewed
CVE-2025-10120 was published Sep 9, 2025
SAP HCM Approve Timesheets Fiori 2.0 application does not perform necessary authorization checks... Moderate Unreviewed
CVE-2025-42917 was published Sep 9, 2025
SAP NetWeaver (Service Data Download) allows an authenticated user to call a remote-enabled... Moderate Unreviewed
CVE-2025-42911 was published Sep 9, 2025
Fiori app Manage Payment Blocks does not perform the necessary authorization checks, allowing an... Moderate Unreviewed
CVE-2025-42915 was published Sep 9, 2025
SAP NetWeaver Application Server for ABAP allows authenticated users with access to background... Moderate Unreviewed
CVE-2025-42918 was published Sep 9, 2025
A weakness has been identified in SourceCodester Simple To-Do List System 1.0. Impacted is an... Moderate Unreviewed
CVE-2025-10117 was published Sep 9, 2025
A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring... Moderate Unreviewed
CVE-2025-10118 was published Sep 9, 2025
A vulnerability was found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown... Moderate Unreviewed
CVE-2025-10114 was published Sep 9, 2025
Liferay Portal is vulnerable to XSS attack through its Style Book theme Low
CVE-2025-43774 was published for com.liferay:com.liferay.frontend.taglib.clay (Maven) Sep 9, 2025
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2025-1761 was published Sep 9, 2025
A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the... Moderate Unreviewed
CVE-2025-10110 was published Sep 9, 2025
A vulnerability was determined in Campcodes Online Loan Management System 1.0. This issue affects... Moderate Unreviewed
CVE-2025-10109 was published Sep 9, 2025
A weakness has been identified in itsourcecode Student Information Management System 1.0. The... Moderate Unreviewed
CVE-2025-10112 was published Sep 9, 2025
A security flaw has been discovered in itsourcecode Student Information Management System 1.0.... Moderate Unreviewed
CVE-2025-10111 was published Sep 9, 2025
Liferay Portal is vulnerable to SSRF through custom object attachment fields Moderate
CVE-2025-43763 was published for com.liferay:com.liferay.object.service (Maven) Sep 9, 2025
A security vulnerability has been detected in itsourcecode Student Information Management System... Moderate Unreviewed
CVE-2025-10113 was published Sep 9, 2025
A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part... Moderate Unreviewed
CVE-2025-10106 was published Sep 9, 2025
A vulnerability was found in Campcodes Online Loan Management System 1.0. This vulnerability... Moderate Unreviewed
CVE-2025-10108 was published Sep 9, 2025
pREST has a Systemic SQL Injection Vulnerability Critical
CVE-2025-58450 was published for github.com/prest/prest/v2 (Go) Sep 8, 2025
v1ktor0t
Credited to v1ktor0t
An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli - Soda Cristal v40.20.4... High Unreviewed
CVE-2025-52389 was published Sep 8, 2025
WeiPHP v5.0 and before is vulnerable to SQL Injection via the SucaiController.class.php file and... High Unreviewed
CVE-2025-55849 was published Sep 8, 2025
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to... Critical Unreviewed
CVE-2025-9114 was published Sep 8, 2025
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper privilege management... Moderate Unreviewed
CVE-2025-43722 was published Sep 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database