GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
892 advisories
The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a...
High · Unreviewed · CVE-2024-12767 was published May 15, 2025
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is...
Moderate · Unreviewed · CVE-2025-3769 was published May 14, 2025
The PeepSo Core: File Uploads plugin for WordPress is vulnerable to Insecure Direct Object...
Moderate · Unreviewed · CVE-2024-8988 was published May 14, 2025
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege...
Critical · Unreviewed · CVE-2025-3605 was published May 9, 2025
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in...
Critical · Unreviewed · CVE-2025-3810 was published May 9, 2025
The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in...
Critical · Unreviewed · CVE-2025-3811 was published May 9, 2025
A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE...
Moderate · Unreviewed · CVE-2025-20214 was published May 7, 2025
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference...
Moderate · Unreviewed · CVE-2025-3853 was published May 7, 2025
The User Registration & Membership – Custom Registration Form, Login Form, and User Profile...
Moderate · Unreviewed · CVE-2025-3281 was published May 6, 2025
The Reales WP STPT plugin for WordPress is vulnerable to privilege escalation via account...
High · Unreviewed · CVE-2025-3610 was published May 6, 2025
Grokability Snipe-IT has incorrect authorization for accessing asset information
Moderate · CVE-2025-47226 was published for snipe/snipe-it (Composer) on May 2, 2025
The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions...
Moderate · Unreviewed · CVE-2025-1327 was published May 2, 2025
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object...
Moderate · Unreviewed · CVE-2025-3889 was published May 1, 2025
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object...
Moderate · Unreviewed · CVE-2025-3874 was published May 1, 2025
A vulnerability classified as critical was found in Weitong Mall 1.0.0. This vulnerability...
Moderate · Unreviewed · CVE-2025-4119 was published Apr 30, 2025
Moodle allows IDOR in RSS block, which allows access to additional RSS feeds
Moderate · CVE-2025-3636 was published for moodle/moodle (Composer) on Apr 25, 2025
Moodle has an IDOR in web service which allows users enrolled in a course to access some details of other users
Moderate · CVE-2025-3640 was published for moodle/moodle (Composer) on Apr 25, 2025
A security vulnerability was discovered in Moodle that can allow hackers to gain access to...
High · Unreviewed · CVE-2025-3625 was published Apr 25, 2025
Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows...
High · Unreviewed · CVE-2025-25777 was published Apr 24, 2025
The Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) plugin for...
Moderate · Unreviewed · CVE-2025-1284 was published Apr 24, 2025
This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on...
Critical · Unreviewed · CVE-2025-42605 was published Apr 23, 2025
An authorization bypass in Unblu Spark allows a participant of a conversation to replace an...
High · Unreviewed · CVE-2025-3519 was published Apr 22, 2025
Authorization Bypass Through User-Controlled Key vulnerability in Scott Taylor Avatar allows...
Moderate · Unreviewed · CVE-2025-39434 was published Apr 17, 2025
Unauthenticated attackers can retrieve serial number of smart meters associated to a specific...
Moderate · Unreviewed · CVE-2025-30257 was published Apr 16, 2025
Unauthenticated attackers can trigger device actions associated with specific "scenes" of...
Moderate · Unreviewed · CVE-2025-31360 was published Apr 16, 2025