Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,948
Maven
5,000+
npm
5,000+
NuGet
969
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,383
Swift
56
Unreviewed advisories
All unreviewed
5,000+

125 advisories

Loading
IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations Critical
CVE-2025-27507 was published for github.com/zitadel/zitadel (Go) Mar 4, 2025
amit-laish Credited to amit-laish, livio-a, fforootd, and adlerhurst livio-a livio-a
fforootd fforootd adlerhurst adlerhurst
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in... Critical Unreviewed
CVE-2024-11284 was published Mar 14, 2025
The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in... Critical Unreviewed
CVE-2024-11285 was published Mar 14, 2025
An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows... Critical Unreviewed
CVE-2024-11167 was published Mar 20, 2025
This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on... Critical Unreviewed
CVE-2025-42605 was published Apr 23, 2025
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in... Critical Unreviewed
CVE-2025-3811 was published May 9, 2025
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in... Critical Unreviewed
CVE-2025-3810 was published May 9, 2025
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2025-3605 was published May 9, 2025
The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion... Critical Unreviewed
CVE-2025-4855 was published Jul 9, 2025
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via... Critical Unreviewed
CVE-2025-5947 was published Aug 1, 2025
An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash... Critical Unreviewed
CVE-2025-45968 was published Aug 25, 2025
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to... Critical Unreviewed
CVE-2025-9114 was published Sep 8, 2025
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via... Critical Unreviewed
CVE-2025-5948 was published Sep 19, 2025
The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in... Critical Unreviewed
CVE-2025-10742 was published Oct 16, 2025
Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand... Critical Unreviewed
CVE-2025-0987 was published Nov 3, 2025
Authorization Bypass Through User-Controlled Key vulnerability in kamleshyadav Miraculous Core... Critical Unreviewed
CVE-2025-58627 was published Nov 6, 2025
The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in... Critical Unreviewed
CVE-2025-13615 was published Nov 30, 2025
Pagekit CMS has an Insecure Direct Object Reference (IDOR) in its User Role component Critical
CVE-2025-67165 was published for pagekit/pagekit (Composer) Dec 17, 2025
UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated... Critical Unreviewed
CVE-2023-53914 was published Dec 18, 2025
A flaw in the binding process of Govee’s cloud platform and devices allows a remote attacker to... Critical Unreviewed
CVE-2025-10910 was published Dec 18, 2025
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability... Critical Unreviewed
CVE-2023-53955 was published Dec 23, 2025
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all... Critical Unreviewed
CVE-2025-14998 was published Jan 2, 2026
The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via... Critical Unreviewed
CVE-2025-15001 was published Jan 6, 2026
The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2025-14996 was published Jan 6, 2026
The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account... Critical Unreviewed
CVE-2025-15018 was published Jan 7, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database