Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,884
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,205
NuGet
743
pip
3,978
Pub
12
RubyGems
947
Rust
1,034
Swift
39
Unreviewed advisories
All unreviewed
5,000+

918 advisories

Loading
Use of Hard-coded Credentials, Authorization Bypass Through User-Controlled Key vulnerability in... Moderate Unreviewed
CVE-2025-0642 was published Oct 2, 2025
Liferay Portal Vulnerable to IDOR via audit events Moderate
CVE-2025-43827 was published for com.liferay:com.liferay.portal.security.audit.storage.service (Maven) Sep 30, 2025
An Insecure Direct Object Reference (IDOR) in the /dashboard/notes endpoint of Syaqui... High Unreviewed
CVE-2025-56392 was published Sep 30, 2025
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2... High Unreviewed
CVE-2025-41097 was published Sep 30, 2025
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2... High Unreviewed
CVE-2025-41099 was published Sep 30, 2025
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2... High Unreviewed
CVE-2025-41092 was published Sep 30, 2025
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2... High Unreviewed
CVE-2025-41091 was published Sep 30, 2025
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2... High Unreviewed
CVE-2025-41096 was published Sep 30, 2025
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2... High Unreviewed
CVE-2025-41098 was published Sep 30, 2025
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2... High Unreviewed
CVE-2025-41093 was published Sep 30, 2025
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2... High Unreviewed
CVE-2025-41094 was published Sep 30, 2025
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2... High Unreviewed
CVE-2025-41095 was published Sep 30, 2025
Authorization Bypass Through User-Controlled Key vulnerability in Anadolu Hayat Emeklilik Inc.... Moderate Unreviewed
CVE-2025-9342 was published Sep 23, 2025
Liferay Portal and DXP allows users to add a note to a different virtual instance Moderate
CVE-2025-43810 was published for com.liferay.commerce:com.liferay.commerce.service (Maven) Sep 23, 2025
Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS Academy LMS allows... Moderate Unreviewed
CVE-2025-59562 was published Sep 22, 2025
Authorization Bypass Through User-Controlled Key vulnerability in Alex Content Mask allows... Low Unreviewed
CVE-2025-58012 was published Sep 22, 2025
Authorization Bypass Through User-Controlled Key vulnerability in Sayful Islam Upcoming Events... Moderate Unreviewed
CVE-2025-57994 was published Sep 22, 2025
Authorization Bypass Through User-Controlled Key vulnerability in PROLIZ Computer Software... Moderate Unreviewed
CVE-2025-0875 was published Sep 22, 2025
Mattermost boards plugin fails to restrict download access to files Low
CVE-2025-9081 was published for github.com/mattermost/mattermost-plugin-boards (Go) Sep 19, 2025
Liferay Contacts Center widget has insecure direct object reference Moderate
CVE-2025-43803 was published for com.liferay:com.liferay.contacts.web (Maven) Sep 19, 2025
Tronclass developed by WisdomGarden has an Insecure Direct object Reference vulnerability,... Moderate Unreviewed
CVE-2025-10719 was published Sep 19, 2025
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via... Critical Unreviewed
CVE-2025-5948 was published Sep 19, 2025
The Chained Quiz plugin for WordPress is vulnerable to Insecure Direct Object Reference in... Moderate Unreviewed
CVE-2025-10493 was published Sep 18, 2025
Authorization Bypass Through User-Controlled Key vulnerability in Nebula Informatics SecHard... Moderate Unreviewed
CVE-2025-8463 was published Sep 17, 2025
Authorization Bypass Through User-Controlled Key vulnerability in Beefull Energy Technologies... Moderate Unreviewed
CVE-2025-7355 was published Sep 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database