Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,831
Maven
5,000+
npm
4,462
NuGet
775
pip
4,226
Pub
12
RubyGems
972
Rust
1,093
Swift
47
Unreviewed advisories
All unreviewed
5,000+

2,952 advisories

Loading
In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a... Moderate Unreviewed
CVE-2025-43904 was published Jan 16, 2026
A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated... High Unreviewed
CVE-2026-0713 was published Jan 15, 2026
Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0... High Unreviewed
CVE-2025-66005 was published Jan 14, 2026
The Float Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data... Moderate Unreviewed
CVE-2025-15513 was published Jan 14, 2026
Dreamweaver Desktop versions 21.6 and earlier are affected by an Incorrect Authorization... High Unreviewed
CVE-2026-21274 was published Jan 13, 2026
TYPO3 CMS Allows Broken Access Control in Edit Document Controller Moderate
CVE-2025-59020 was published for typo3/cms-backend (Composer) Jan 13, 2026
The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in... Moderate Unreviewed
CVE-2026-0684 was published Jan 13, 2026
Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated... High Unreviewed
CVE-2025-41078 was published Jan 12, 2026
The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to,... Moderate Unreviewed
CVE-2026-0831 was published Jan 10, 2026
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-14943 was published Jan 10, 2026
### Details On October 1, 2025, Palantir discovered that images uploaded through the Dossier... Low Unreviewed
CVE-2025-62487 was published Jan 10, 2026
The WP Table Builder – Drag & Drop Table Builder plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-13753 was published Jan 9, 2026
Ghost has Staff Token permission bypass High
CVE-2026-22595 was published for ghost (npm) Jan 8, 2026
odgrso
Credited to odgrso
Soft Serve is missing an authorization check in LFS lock deletion Moderate
CVE-2026-22253 was published for github.com/charmbracelet/soft-serve (Go) Jan 8, 2026
Tomer-PL
Credited to Tomer-PL
Kirby is missing permission checks in the content changes API Moderate
CVE-2026-21896 was published for getkirby/cms (Composer) Jan 8, 2026
lukaskleinschmidt
Credited to lukaskleinschmidt
OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft... High Unreviewed
CVE-2026-22230 was published Jan 8, 2026
The Awesome Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data... Moderate Unreviewed
CVE-2025-14352 was published Jan 7, 2026
iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that... High Unreviewed
CVE-2020-36920 was published Jan 6, 2026
Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a ... High Unreviewed
CVE-2025-69414 was published Jan 2, 2026
In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token... Moderate Unreviewed
CVE-2025-69416 was published Jan 2, 2026
In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token... Moderate Unreviewed
CVE-2025-69417 was published Jan 2, 2026
Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts Low
CVE-2025-14986 was published for go.temporal.io/server (Go) Dec 30, 2025
Temporal has an Incorrect Authorization vulnerability Moderate
CVE-2025-14987 was published for go.temporal.io/server (Go) Dec 30, 2025
A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function... Low Unreviewed
CVE-2025-15125 was published Dec 28, 2025
A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the... Low Unreviewed
CVE-2025-15126 was published Dec 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database