Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
47
GitHub Actions
48
Go
3,378
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,573
Pub
13
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

575 advisories

Loading
Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a... High Unreviewed
CVE-2024-43706 was published Jun 10, 2025
The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing... High Unreviewed
CVE-2025-4103 was published May 31, 2025
The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing... Critical Unreviewed
CVE-2025-4631 was published May 31, 2025
The Offsprout Page Builder plugin for WordPress is vulnerable to Privilege Escalation due to... High Unreviewed
CVE-2025-4672 was published May 31, 2025
A vulnerability has been found in Summer Pearl Group Vacation Rental Management Platform up to 1... Moderate Unreviewed
CVE-2025-5182 was published May 26, 2025
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a... High Unreviewed
CVE-2025-4474 was published May 13, 2025
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a... High Unreviewed
CVE-2025-4473 was published May 13, 2025
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5. An... High Unreviewed
CVE-2025-31249 was published May 13, 2025
Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges... Critical Unreviewed
CVE-2025-29827 was published May 9, 2025
The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a... Critical Unreviewed
CVE-2025-4104 was published May 7, 2025
The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized... High Unreviewed
CVE-2025-3921 was published May 7, 2025
The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access... Moderate Unreviewed
CVE-2025-3924 was published May 7, 2025
The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper... Critical Unreviewed
CVE-2025-3918 was published May 3, 2025
Improper authorization in Azure allows an authorized attacker to elevate privileges over a network. Critical Unreviewed
CVE-2025-30390 was published Apr 30, 2025
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate... Critical Unreviewed
CVE-2025-30392 was published Apr 30, 2025
Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate... High Unreviewed
CVE-2025-30389 was published Apr 30, 2025
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema for the report module. High Unreviewed
CVE-2025-32982 was published Apr 25, 2025
Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function... Critical Unreviewed
CVE-2025-29659 was published Apr 21, 2025
Private Browsing tabs may be accessed without authentication. This issue is fixed in iOS 17 and... Moderate Unreviewed
CVE-2023-42973 was published Apr 11, 2025
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute... High Unreviewed
CVE-2025-29794 was published Apr 8, 2025
A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege... Moderate Unreviewed
CVE-2025-28131 was published Apr 1, 2025
Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges... High Unreviewed
CVE-2025-26683 was published Apr 1, 2025
Insecure Direct Object References (IDOR) in access control in Tracking 2.1.4 on NightWolf... High Unreviewed
CVE-2025-3014 was published Mar 31, 2025
Insecure Direct Object References (IDOR) in access control in Customer Portal before 2.1.4 on... High Unreviewed
CVE-2025-3013 was published Mar 31, 2025
Improper authorization in the variable component in Devolutions Remote Desktop Manager on Windows... Moderate Unreviewed
CVE-2025-2600 was published Mar 26, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database