Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,248
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,513
Pub
12
RubyGems
997
Rust
1,189
Swift
51
Unreviewed advisories
All unreviewed
5,000+

321 advisories

Loading
GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write... Critical Unreviewed
CVE-2021-47812 was published Jan 16, 2026
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to... Critical Unreviewed
CVE-2025-14741 was published Jan 9, 2026
Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache... Critical Unreviewed
CVE-2025-67913 was published Jan 8, 2026
Missing Authorization vulnerability in Kaira Blockons blockons allows Accessing Functionality Not... Critical Unreviewed
CVE-2025-14360 was published Jan 8, 2026
Missing Authorization vulnerability in sizam REHub Framework rehub-framework allows Accessing... Critical Unreviewed
CVE-2025-14358 was published Jan 8, 2026
Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly... Critical Unreviewed
CVE-2025-39477 was published Jan 6, 2026
Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows... Critical Unreviewed
CVE-2023-54327 was published Dec 31, 2025
Missing Authorization vulnerability in JayBee Twitch Player ttv-easy-embed-player allows... Critical Unreviewed
CVE-2025-68565 was published Dec 24, 2025
Missing Authorization vulnerability in Brave Brave brave-popup-builder allows Exploiting... Critical Unreviewed
CVE-2025-68508 was published Dec 24, 2025
Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows... Critical Unreviewed
CVE-2025-68511 was published Dec 24, 2025
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart... Critical Unreviewed
CVE-2025-68535 was published Dec 24, 2025
UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers... Critical Unreviewed
CVE-2023-53923 was published Dec 18, 2025
Missing Authorization vulnerability in yaadsarig Yaad Sarig Payment Gateway For WC yaad-sarig... Critical Unreviewed
CVE-2025-66131 was published Dec 16, 2025
The LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart plugin for... Critical Unreviewed
CVE-2025-12963 was published Dec 12, 2025
UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that... Critical Unreviewed
CVE-2020-36902 was published Dec 10, 2025
The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset... Critical Unreviewed
CVE-2025-13313 was published Dec 5, 2025
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification... Critical Unreviewed
CVE-2025-13342 was published Dec 3, 2025
Mautic user without privileged access to the Marketplace can install and uninstall composer packages Critical
CVE-2025-13828 was published for mautic/core (Composer) Dec 2, 2025
driskell Credited to driskell, escopecz, and patrykgruszka escopecz escopecz
patrykgruszka patrykgruszka
An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from... Critical Unreviewed
CVE-2025-65669 was published Nov 26, 2025
Missing Authorization vulnerability in sertifier Sertifier Certificate & Badge Maker sertifier... Critical Unreviewed
CVE-2025-53214 was published Nov 6, 2025
The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a... Critical Unreviewed
CVE-2025-12158 was published Nov 4, 2025
The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for... Critical Unreviewed
CVE-2025-11833 was published Nov 1, 2025
ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in... Critical Unreviewed
CVE-2025-64348 was published Oct 31, 2025
Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH... Critical Unreviewed
CVE-2023-7317 was published Oct 31, 2025
Missing Authorization vulnerability in gerritvanaaken Podlove Web Player podlove-web-player... Critical Unreviewed
CVE-2025-62908 was published Oct 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database