Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,926
Erlang
39
GitHub Actions
38
Go
2,576
Maven
5,000+
npm
4,246
NuGet
754
pip
4,008
Pub
12
RubyGems
953
Rust
1,045
Swift
45
Unreviewed advisories
All unreviewed
5,000+

54 advisories

Loading
FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset (magic) links using the... High Unreviewed
CVE-2025-61536 was published Oct 16, 2025
Aggie 2.6.1 has a Host Header injection vulnerability in the forgot password functionality,... High Unreviewed
CVE-2025-22381 was published Oct 16, 2025
Improper authentication in zenml Low
CVE-2024-2213 was published for zenml (pip) Jun 6, 2024
In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management... Moderate Unreviewed
CVE-2024-9431 was published Mar 20, 2025
The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation... Critical Unreviewed
CVE-2025-9286 was published Oct 3, 2025
An authentication bypass vulnerability allows remote attackers to gain administrative privileges... Critical Unreviewed
CVE-2025-10159 was published Sep 9, 2025
CWE-620: Unverified Password Change Moderate Unreviewed
CVE-2025-46389 was published Aug 6, 2025
The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2025-4606 was published Jul 9, 2025
The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2024-12827 was published Jun 27, 2025
A vulnerability was found in UTT 进取 750W up to 5.0 and classified as critical. Affected by this... Moderate Unreviewed
CVE-2025-6097 was published Jun 16, 2025
The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is... High Unreviewed
CVE-2025-5482 was published Jun 4, 2025
TYPO3 Unverified Password Change for Backend Users Low
CVE-2025-47938 was published for typo3/cms-core (Composer) May 20, 2025
bnf
Credited to bnf
The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all... Critical Unreviewed
CVE-2025-4322 was published May 20, 2025
A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R... Moderate Unreviewed
CVE-2025-4903 was published May 19, 2025
An authenticated user attempting to change their password could do so without using the current... Low Unreviewed
CVE-2025-46748 was published May 12, 2025
The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing... Critical Unreviewed
CVE-2025-4558 was published May 12, 2025
A vulnerability has been found in ContiNew Admin up to 3.6.0 and classified as problematic.... Moderate Unreviewed
CVE-2025-4552 was published May 12, 2025
The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all... Critical Unreviewed
CVE-2025-2253 was published May 9, 2025
Unverified Password Change for ANC software that allows an authenticated attacker to bypass the... Low Unreviewed
CVE-2024-47784 was published Apr 30, 2025
The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account... Moderate Unreviewed
CVE-2025-3793 was published Apr 24, 2025
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege... High Unreviewed
CVE-2025-3607 was published Apr 24, 2025
The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover... Critical Unreviewed
CVE-2025-3603 was published Apr 24, 2025
A vulnerability classified as problematic was found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0.... Moderate Unreviewed
CVE-2025-3849 was published Apr 22, 2025
An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web... High Unreviewed
CVE-2017-14005 was published May 13, 2022
A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote... Critical Unreviewed
CVE-2024-48887 was published Apr 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database