Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,884
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,205
NuGet
743
pip
3,978
Pub
12
RubyGems
947
Rust
1,034
Swift
39
Unreviewed advisories
All unreviewed
5,000+

86 advisories

Loading
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via... Critical Unreviewed
CVE-2025-5948 was published Sep 19, 2025
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to... Critical Unreviewed
CVE-2025-9114 was published Sep 8, 2025
An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash... Critical Unreviewed
CVE-2025-45968 was published Aug 25, 2025
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via... Critical Unreviewed
CVE-2025-5947 was published Aug 1, 2025
An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows... Critical Unreviewed
CVE-2024-11167 was published Mar 20, 2025
The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion... Critical Unreviewed
CVE-2025-4855 was published Jul 9, 2025
HashiCorp Vault vulnerable to incorrect metadata access Critical
CVE-2022-40186 was published for github.com/hashicorp/vault (Go) Sep 23, 2022
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2025-3605 was published May 9, 2025
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in... Critical Unreviewed
CVE-2025-3810 was published May 9, 2025
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in... Critical Unreviewed
CVE-2025-3811 was published May 9, 2025
This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on... Critical Unreviewed
CVE-2025-42605 was published Apr 23, 2025
RSFirewall tries to identify the original IP address by looking at different HTTP headers. A... Critical Unreviewed
CVE-2021-4226 was published Dec 15, 2022
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in... Critical Unreviewed
CVE-2024-11285 was published Mar 14, 2025
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in... Critical Unreviewed
CVE-2024-11284 was published Mar 14, 2025
IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations Critical
CVE-2025-27507 was published for github.com/zitadel/zitadel (Go) Mar 4, 2025
amit-laish livio-a
fforootd adlerhurst
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct... Critical Unreviewed
CVE-2024-50693 was published Feb 26, 2025
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct... Critical Unreviewed
CVE-2024-50686 was published Feb 26, 2025
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct... Critical Unreviewed
CVE-2024-50689 was published Feb 26, 2025
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct... Critical Unreviewed
CVE-2024-50687 was published Feb 26, 2025
SunGrow iSolarCloud before the October 31, 2024 remediation, is vulnerable to insecure direct... Critical Unreviewed
CVE-2024-50685 was published Feb 26, 2025
The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and... Critical Unreviewed
CVE-2024-2472 was published Jun 14, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper Critical
CVE-2023-44981 was published for org.apache.zookeeper:zookeeper (Maven) Oct 11, 2023
Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web, allows an... Critical Unreviewed
CVE-2025-1270 was published Feb 13, 2025
An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary... Critical Unreviewed
CVE-2024-1626 was published Apr 16, 2024
The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up... Critical Unreviewed
CVE-2024-10215 was published Jan 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database