Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,831
Maven
5,000+
npm
4,462
NuGet
775
pip
4,226
Pub
12
RubyGems
972
Rust
1,093
Swift
47
Unreviewed advisories
All unreviewed
5,000+

1,388 advisories

Loading
In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a... Moderate Unreviewed
CVE-2025-43904 was published Jan 16, 2026
The Float Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data... Moderate Unreviewed
CVE-2025-15513 was published Jan 14, 2026
TYPO3 CMS Allows Broken Access Control in Edit Document Controller Moderate
CVE-2025-59020 was published for typo3/cms-backend (Composer) Jan 13, 2026
The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in... Moderate Unreviewed
CVE-2026-0684 was published Jan 13, 2026
The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to,... Moderate Unreviewed
CVE-2026-0831 was published Jan 10, 2026
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-14943 was published Jan 10, 2026
The WP Table Builder – Drag & Drop Table Builder plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2025-13753 was published Jan 9, 2026
Soft Serve is missing an authorization check in LFS lock deletion Moderate
CVE-2026-22253 was published for github.com/charmbracelet/soft-serve (Go) Jan 8, 2026
Tomer-PL
Credited to Tomer-PL
Kirby is missing permission checks in the content changes API Moderate
CVE-2026-21896 was published for getkirby/cms (Composer) Jan 8, 2026
lukaskleinschmidt
Credited to lukaskleinschmidt
The Awesome Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data... Moderate Unreviewed
CVE-2025-14352 was published Jan 7, 2026
In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token... Moderate Unreviewed
CVE-2025-69416 was published Jan 2, 2026
In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token... Moderate Unreviewed
CVE-2025-69417 was published Jan 2, 2026
Temporal has an Incorrect Authorization vulnerability Moderate
CVE-2025-14987 was published for go.temporal.io/server (Go) Dec 30, 2025
Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources Moderate
CVE-2025-68941 was published for code.gitea.io/gitea (Go) Dec 26, 2025
Gitea mishandles authorization for deletion of releases Moderate
CVE-2025-68938 was published for code.gitea.io/gitea (Go) Dec 26, 2025
A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the... Moderate Unreviewed
CVE-2025-15085 was published Dec 25, 2025
Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP... Moderate Unreviewed
CVE-2025-66378 was published Dec 25, 2025
Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues Moderate
CVE-2025-13767 was published for github.com/mattermost/mattermost-server (Go) Dec 24, 2025
Mattermost doesn't verify that post actions invoking `/share-issue-publicly` were created by the Jira plugin Moderate
CVE-2025-64641 was published for github.com/mattermost/mattermost-server (Go) Dec 24, 2025
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by... Moderate Unreviewed
CVE-2025-68422 was published Dec 19, 2025
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by... Moderate Unreviewed
CVE-2025-68386 was published Dec 19, 2025
Improper access checks in M-Files Server before 25.12 allows users to download files through M... Moderate Unreviewed
CVE-2025-14318 was published Dec 18, 2025
The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all... Moderate Unreviewed
CVE-2025-14081 was published Dec 17, 2025
Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation Moderate
CVE-2025-13324 was published for github.com/mattermost/mattermost (Go) Dec 17, 2025
Auth0 WordPress has Improper Audience Validation via Auth0-PHP SDK Dependency Moderate
GHSA-vvg7-8rmq-92g7 was published for auth0/wordpress (Composer) Dec 17, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database