GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
18 advisories
Synapse Mobility 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1 contain a privilege escalation vulnerability...
Moderate • Unreviewed • CVE-2025-54551 was published Aug 20, 2025

OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add...
Moderate • Unreviewed • CVE-2025-54832 was published Jul 31, 2025

SAP S4CORE OData meta-data property allows an authenticated attacker to access restricted...
Moderate • Unreviewed • CVE-2025-43002 was published May 13, 2025

Craft CMS stores arbitrary content provided by unauthenticated users in session files
Moderate • CVE-2025-35939 was published for craftcms/cms (Composer) May 8, 2025

The Upsell Funnel Builder for WooCommerce plugin for WordPress is vulnerable to order...
Moderate • Unreviewed • CVE-2025-3743 was published Apr 25, 2025

SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data...
Moderate • Unreviewed • CVE-2025-31327 was published Apr 22, 2025

SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set...
Moderate • Unreviewed • CVE-2025-31333 was published Apr 8, 2025

Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout
Moderate • CVE-2025-30152 was published for sylius/paypal-plugin (Composer) Mar 19, 2025

Sylius PayPal Plugin Payment Amount Manipulation Vulnerability
Moderate • CVE-2025-29788 was published for sylius/paypal-plugin (Composer) Mar 17, 2025

SendQuick Entera devices before 11HF5 are vulnerable to CAPTCHA bypass via the captcha parameter
Moderate • Unreviewed • CVE-2025-26312 was published Mar 14, 2025

A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be...
Moderate • Unreviewed • CVE-2024-12123 was published Dec 4, 2024

The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all...
Moderate • Unreviewed • CVE-2024-6010 was published Sep 7, 2024

External Control of Assumed-Immutable Web Parameter vulnerability in PINPOINT.WORLD Pinpoint...
Moderate • Unreviewed • CVE-2023-38520 was published Jun 4, 2024

IBM Watson CP4D Data Stores 4.6.0, 4.6.1, and 4.6.2 could allow an attacker with specific...
Moderate • Unreviewed • CVE-2023-28512 was published Mar 3, 2024

Duplicate Advisory: httparty has multipart/form-data request tampering vulnerability
Moderate • GHSA-g47j-3m2m-74qv was published for httparty (RubyGems) Jan 4, 2024 • withdrawn

httparty has multipart/form-data request tampering vulnerability
Moderate • CVE-2024-22049 was published for httparty (RubyGems) Jan 3, 2023

An improper control of parameters allows the spoofing of the from fields of the following screens...
Moderate • Unreviewed • CVE-2020-1765 was published May 24, 2022

External Control of Assumed-Immutable Web Parameter in moodle
Moderate • CVE-2022-30597 was published for moodle/moodle (Composer) May 19, 2022