GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,968
Erlang: 39
GitHub Actions: 38
Go: 2,616
Maven: 5,000+
npm: 4,255
NuGet: 760
pip: 4,040
Pub: 12
RubyGems: 953
Rust: 1,050
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
575 advisories
Insecure Direct Object Reference (IDOR) in /tenants/{id} API endpoint in Inforcer Platform...
Moderate, Unreviewed. CVE-2025-61876 was published Oct 29, 2025

Authorization Bypass Through User-Controlled Key vulnerability in Rometheme RTMKit rometheme-for...
Moderate, Unreviewed. CVE-2025-64283 was published Oct 29, 2025

Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User...
Moderate, Unreviewed. CVE-2025-12351 was published Oct 27, 2025

A security flaw has been discovered in code-projects Client Details System 1.0. The impacted...
Moderate, Unreviewed. CVE-2025-12283 was published Oct 27, 2025

A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The...
Moderate, Unreviewed. CVE-2025-12270 was published Oct 27, 2025

The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for...
Moderate, Unreviewed. CVE-2025-6833 was published Oct 22, 2025

The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to...
Moderate, Unreviewed. CVE-2025-10570 was published Oct 22, 2025

Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object...
Moderate, Unreviewed. CVE-2025-60511 was published Oct 21, 2025

Authorization Bypass Through User-Controlled Key vulnerability in VHS Electronic Software Ltd. Co...
Moderate, Unreviewed. CVE-2025-8884 was published Oct 20, 2025

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization...
Moderate, Unreviewed. CVE-2025-11519 was published Oct 18, 2025

The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Information...
Moderate, Unreviewed. CVE-2025-11741 was published Oct 18, 2025

The Binary MLM Plan plugin for WordPress is vulnerable to insecure direct object reference in...
Moderate, Unreviewed. CVE-2025-11895 was published Oct 17, 2025

Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by a Insecure Direct Object...
Moderate, Unreviewed. CVE-2025-9559 was published Oct 16, 2025

The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference...
Moderate, Unreviewed. CVE-2025-11176 was published Oct 15, 2025

A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server...
Moderate, Unreviewed. CVE-2025-40773 was published Oct 14, 2025

Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key
Moderate. CVE-2025-62241 was published for com.liferay.commerce:com.liferay.commerce.order.content.web (Maven) Oct 13, 2025

Liferay Account Admin Web vulnerable to Authorization Bypass Through User-Controlled Key
Moderate. CVE-2025-62242 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025

Liferay is Vulnerable to Authorization Bypass Through User-Controlled Key
Moderate. CVE-2025-62252 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Oct 13, 2025

Liferay Publications vulnerable to Authorization Bypass Through User-Controlled Key
Moderate. CVE-2025-62244 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025

HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR)....
Moderate, Unreviewed. CVE-2025-31997 was published Oct 12, 2025

The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct...
Moderate, Unreviewed. CVE-2025-11518 was published Oct 11, 2025

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user...
Moderate, Unreviewed. CVE-2025-43724 was published Oct 8, 2025

Insecure Direct Object Reference (IDOR) in Negotiator v3.15.2 from Biobanking and Biomolecular...
Moderate, Unreviewed. CVE-2025-40676 was published Oct 7, 2025

Authorization Bypass Through User-Controlled Key vulnerability in Logo Software Inc. Logo Cloud...
Moderate, Unreviewed. CVE-2025-0606 was published Oct 6, 2025

Use of Hard-coded Credentials, Authorization Bypass Through User-Controlled Key vulnerability in...
Moderate, Unreviewed. CVE-2025-0642 was published Oct 2, 2025
ProTip! Advisories are also available from the GraphQL API