Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

84 advisories

Loading
An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash... Critical Unreviewed
CVE-2025-45968 was published Aug 25, 2025
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via... Critical Unreviewed
CVE-2025-5947 was published Aug 1, 2025
The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion... Critical Unreviewed
CVE-2025-4855 was published Jul 9, 2025
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2025-3605 was published May 9, 2025
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in... Critical Unreviewed
CVE-2025-3811 was published May 9, 2025
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in... Critical Unreviewed
CVE-2025-3810 was published May 9, 2025
This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on... Critical Unreviewed
CVE-2025-42605 was published Apr 23, 2025
An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows... Critical Unreviewed
CVE-2024-11167 was published Mar 20, 2025
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in... Critical Unreviewed
CVE-2024-11285 was published Mar 14, 2025
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in... Critical Unreviewed
CVE-2024-11284 was published Mar 14, 2025
IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations Critical
CVE-2025-27507 was published for github.com/zitadel/zitadel (Go) Mar 4, 2025
amit-laish livio-a
fforootd adlerhurst
SunGrow iSolarCloud before the October 31, 2024 remediation, is vulnerable to insecure direct... Critical Unreviewed
CVE-2024-50685 was published Feb 26, 2025
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct... Critical Unreviewed
CVE-2024-50686 was published Feb 26, 2025
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct... Critical Unreviewed
CVE-2024-50689 was published Feb 26, 2025
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct... Critical Unreviewed
CVE-2024-50693 was published Feb 26, 2025
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct... Critical Unreviewed
CVE-2024-50687 was published Feb 26, 2025
Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web, allows an... Critical Unreviewed
CVE-2025-1270 was published Feb 13, 2025
The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up... Critical Unreviewed
CVE-2024-10215 was published Jan 9, 2025
TeamPass privileges issue Critical
CVE-2024-50703 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability... Critical Unreviewed
CVE-2024-7474 was published Oct 29, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Meetup allows Privilege... Critical Unreviewed
CVE-2024-50483 was published Oct 28, 2024
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for... Critical Unreviewed
CVE-2024-9263 was published Oct 17, 2024
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary... Critical Unreviewed
CVE-2024-9862 was published Oct 17, 2024
The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via... Critical Unreviewed
CVE-2024-8485 was published Sep 25, 2024
The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin... Critical Unreviewed
CVE-2024-8791 was published Sep 24, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database