GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,963
Erlang: 39
GitHub Actions: 38
Go: 2,615
Maven: 5,000+
npm: 4,255
NuGet: 760
pip: 4,036
Pub: 12
RubyGems: 953
Rust: 1,049
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
829 advisories
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via...
High | Unreviewed | CVE-2025-6574 was published Nov 1, 2025

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via...
High | Unreviewed | CVE-2025-5949 was published Nov 1, 2025

Insecure Direct Object Reference (IDOR) in /tenants/{id} API endpoint in Inforcer Platform...
Moderate | Unreviewed | CVE-2025-61876 was published Oct 29, 2025

Authorization Bypass Through User-Controlled Key vulnerability in Rometheme RTMKit rometheme-for...
Moderate | Unreviewed | CVE-2025-64283 was published Oct 29, 2025

Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User...
Moderate | Unreviewed | CVE-2025-12351 was published Oct 27, 2025

A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The...
Moderate | Unreviewed | CVE-2025-12270 was published Oct 27, 2025

Authorization Bypass Through User-Controlled Key vulnerability in mediavine Create by Mediavine...
High | Unreviewed | CVE-2025-62893 was published Oct 27, 2025

GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference (IDOR)...
High | Unreviewed | CVE-2025-34293 was published Oct 25, 2025

Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and...
High | Unreviewed | CVE-2025-11957 was published Oct 22, 2025

Authorization Bypass Through User-Controlled Key vulnerability in favethemes Houzez houzez allows...
High | Unreviewed | CVE-2025-49952 was published Oct 22, 2025

The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for...
Moderate | Unreviewed | CVE-2025-6833 was published Oct 22, 2025

The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-10570 was published Oct 22, 2025

Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object...
Moderate | Unreviewed | CVE-2025-60511 was published Oct 21, 2025

Authorization Bypass Through User-Controlled Key vulnerability in VHS Electronic Software Ltd. Co...
Moderate | Unreviewed | CVE-2025-8884 was published Oct 20, 2025

The Event Tickets and Registration plugin for WordPress is vulnerable to payment bypass in all...
High | Unreviewed | CVE-2025-11517 was published Oct 18, 2025

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization...
Moderate | Unreviewed | CVE-2025-11519 was published Oct 18, 2025

The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Information...
Moderate | Unreviewed | CVE-2025-11741 was published Oct 18, 2025

The Binary MLM Plan plugin for WordPress is vulnerable to insecure direct object reference in...
Moderate | Unreviewed | CVE-2025-11895 was published Oct 17, 2025

Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by a Insecure Direct Object...
Moderate | Unreviewed | CVE-2025-9559 was published Oct 16, 2025

The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in...
Critical | Unreviewed | CVE-2025-10742 was published Oct 16, 2025

Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This...
High | Unreviewed | CVE-2025-41020 was published Oct 16, 2025

The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference...
Moderate | Unreviewed | CVE-2025-11176 was published Oct 15, 2025

A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server...
Moderate | Unreviewed | CVE-2025-40773 was published Oct 14, 2025

Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import...
High | Unreviewed | CVE-2025-9902 was published Oct 13, 2025

HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR)....
Moderate | Unreviewed | CVE-2025-31997 was published Oct 12, 2025
ProTip! Advisories are also available from the GraphQL API.