Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

137,075 advisories

Loading
The Compress & Upload WordPress plugin before 1.0.5 does not properly validate uploaded files,... Moderate Unreviewed
CVE-2025-8889 was published Sep 9, 2025
A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file... Moderate Unreviewed
CVE-2025-10122 was published Sep 9, 2025
Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated... Moderate Unreviewed
CVE-2025-42923 was published Sep 9, 2025
Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP... Moderate Unreviewed
CVE-2025-42925 was published Sep 9, 2025
Liferay Portal exposes 500 status when attempting login with a deleted client secret Moderate
CVE-2025-43777 was published for com.liferay:com.liferay.portal.security.sso.openid.connect.impl (Maven) Sep 9, 2025
A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is... Moderate Unreviewed
CVE-2025-10123 was published Sep 9, 2025
SAP NetWeaver Application Server Java does not perform an authentication check when an attacker... Moderate Unreviewed
CVE-2025-42926 was published Sep 9, 2025
Due to a Cross-Site Scripting (XSS) vulnerability in the SAP NetWeaver ABAP Platform, an... Moderate Unreviewed
CVE-2025-42938 was published Sep 9, 2025
SAP Business Planning and Consolidation allows an authenticated standard user to call a function... Moderate Unreviewed
CVE-2025-42930 was published Sep 9, 2025
Liferay Portal is vulnerable to XSS attack through fieldset name in Kaleo Forms Admin Moderate
CVE-2025-43778 was published for com.liferay:com.liferay.portal.workflow.kaleo.forms.web (Maven) Sep 9, 2025
A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code... Moderate Unreviewed
CVE-2025-10116 was published Sep 9, 2025
A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the... Moderate Unreviewed
CVE-2025-10115 was published Sep 9, 2025
A flaw has been found in uverif up to 3.2. This affects the function addbatch of the file /admin... Moderate Unreviewed
CVE-2025-10121 was published Sep 9, 2025
SAP NetWeaver Application Server for ABAP allows authenticated users with access to background... Moderate Unreviewed
CVE-2025-42918 was published Sep 9, 2025
Fiori app Manage Payment Blocks does not perform the necessary authorization checks, allowing an... Moderate Unreviewed
CVE-2025-42915 was published Sep 9, 2025
SAP NetWeaver (Service Data Download) allows an authenticated user to call a remote-enabled... Moderate Unreviewed
CVE-2025-42911 was published Sep 9, 2025
SAP HCM Approve Timesheets Fiori 2.0 application does not perform necessary authorization checks... Moderate Unreviewed
CVE-2025-42917 was published Sep 9, 2025
SAP HCM My Timesheet Fiori 2.0 application does not perform necessary authorization checks for an... Moderate Unreviewed
CVE-2025-42912 was published Sep 9, 2025
A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring... Moderate Unreviewed
CVE-2025-10118 was published Sep 9, 2025
A weakness has been identified in SourceCodester Simple To-Do List System 1.0. Impacted is an... Moderate Unreviewed
CVE-2025-10117 was published Sep 9, 2025
Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management, an... Moderate Unreviewed
CVE-2025-42920 was published Sep 9, 2025
A vulnerability was found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown... Moderate Unreviewed
CVE-2025-10114 was published Sep 9, 2025
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive... Moderate Unreviewed
CVE-2025-1761 was published Sep 9, 2025
A vulnerability was determined in Campcodes Online Loan Management System 1.0. This issue affects... Moderate Unreviewed
CVE-2025-10109 was published Sep 9, 2025
A vulnerability was identified in ChanCMS up to 3.3.1. Impacted is an unknown function of the... Moderate Unreviewed
CVE-2025-10110 was published Sep 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database