GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,028 advisories
Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core...
Moderate | Unreviewed | CVE-2025-64011 was published Dec 12, 2025

Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract. This issue...
High | Unreviewed | CVE-2025-58137 was published Dec 12, 2025

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of...
Moderate | Unreviewed | CVE-2025-14356 was published Dec 12, 2025

In GroupSession, a Circular notice can be created with its memo field non-editable, but the...
Moderate | Unreviewed | CVE-2025-61950 was published Dec 12, 2025

The Campay Woocommerce Payment Gateway plugin for WordPress is vulnerable to Unauthenticated...
Moderate | Unreviewed | CVE-2025-12883 was published Dec 12, 2025

Authorization Bypass Through User-Controlled Key vulnerability in Aksis Computer Services and...
High | Unreviewed | CVE-2025-13003 was published Dec 11, 2025

Authorization Bypass Through User-Controlled Key vulnerability in Netiket Information...
High | Unreviewed | CVE-2025-13124 was published Dec 11, 2025

GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5...
Moderate | Unreviewed | CVE-2025-11247 was published Dec 11, 2025

EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure...
High | Unreviewed | CVE-2020-36895 was published Dec 10, 2025

Authorization Bypass Through User-Controlled Key vulnerability in Im Park Information Technology,...
Moderate | Unreviewed | CVE-2025-13125 was published Dec 10, 2025

Direct Object Reference Vulnerability (IDOR) in i2A's CronosWeb, in versions prior to 25.00.00.12...
High | Unreviewed | CVE-2025-41358 was published Dec 10, 2025

Authorization Bypass Through User-Controlled Key vulnerability in ThimPress Thim Elementor Kit...
Moderate | Unreviewed | CVE-2025-67594 was published Dec 9, 2025

Authorization Bypass Through User-Controlled Key vulnerability in David Lingren Media Library...
Moderate | Unreviewed | CVE-2025-63065 was published Dec 9, 2025

Multiple Incorrect Access Control vulnerabilities in adata Software GmbH Mitarbeiterportal 2.15.2...
High | Unreviewed | CVE-2025-61075 was published Dec 9, 2025

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin...
Moderate | Unreviewed | CVE-2025-13748 was published Dec 6, 2025

The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure...
High | Unreviewed | CVE-2025-13932 was published Dec 5, 2025

Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an...
Low | Unreviewed | CVE-2025-12997 was published Dec 4, 2025

An Insecure Direct Object Reference (IDOR) vulnerability in the EduplusCampus 3.0.1 Student...
Moderate | Unreviewed | CVE-2025-61148 was published Dec 4, 2025

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2025-13109 was published Dec 3, 2025

Vulnerability in the access control system of the GAMS licensing system that allows unlimited...
Moderate | Unreviewed | CVE-2025-41086 was published Dec 2, 2025

Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel
Moderate | CVE-2025-66306 was published for getgrav/grav (Composer) Dec 2, 2025

The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in...
Critical | Unreviewed | CVE-2025-13615 was published Nov 30, 2025

WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated...
High | Unreviewed | CVE-2025-13768 was published Nov 28, 2025

The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object...
Moderate | Unreviewed | CVE-2025-13157 was published Nov 27, 2025

Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and...
High | Unreviewed | CVE-2025-65672 was published Nov 26, 2025

ProTip! Advisories are also available from the GraphQL API