GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
986 advisories
An Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of BlackBerry®...
Moderate
Unreviewed
CVE-2025-12766 was published Nov 19, 2025
The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Insecure Direct Object...
Moderate
Unreviewed
CVE-2025-12427 was published Nov 19, 2025
kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference (IDOR)...
Moderate
Unreviewed
CVE-2025-63513 was published Nov 18, 2025
Insecure Direct Object Reference (IDOR) vulnerability in DeporSite of T-INNOVA. This...
Moderate
Unreviewed
CVE-2025-41069 was published Nov 13, 2025
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2025-12366 was published Nov 13, 2025
The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization...
High
Unreviewed
CVE-2025-12903 was published Nov 12, 2025
The Wishlist and Save for later for Woocommerce plugin for WordPress is vulnerable to Insecure...
Moderate
Unreviewed
CVE-2025-12087 was published Nov 12, 2025
The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for...
Moderate
Unreviewed
CVE-2025-12833 was published Nov 12, 2025
The The Total Book Project plugin for WordPress is vulnerable to Insecure Direct Object Reference...
Moderate
Unreviewed
CVE-2025-12126 was published Nov 11, 2025
The Wisly plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions...
Moderate
Unreviewed
CVE-2025-11532 was published Nov 11, 2025
In JetBrains YouTrack before 2025.3.104432 missing VCS URL validation allowed delegation to...
High
Unreviewed
CVE-2025-64688 was published Nov 10, 2025
The Groups plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions...
Moderate
Unreviewed
CVE-2025-11748 was published Nov 8, 2025
The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And...
Moderate
Unreviewed
CVE-2025-12353 was published Nov 8, 2025
Authorization Bypass Through User-Controlled Key vulnerability in kamleshyadav Miraculous Core...
Critical
Unreviewed
CVE-2025-58627 was published Nov 6, 2025
IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering
High
CVE-2025-64431 was published for github.com/zitadel/zitadel (Go) Nov 5, 2025
DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire,...
High
Unreviewed
CVE-2025-63248 was published Nov 5, 2025
An Insecure Direct Object Reference (IDOR) vulnerability exists in the vehicleId parameter,...
High
Unreviewed
CVE-2025-11690 was published Nov 4, 2025
Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand...
Critical
Unreviewed
CVE-2025-0987 was published Nov 3, 2025
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via...
High
Unreviewed
CVE-2025-6574 was published Nov 1, 2025
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via...
High
Unreviewed
CVE-2025-5949 was published Nov 1, 2025
Insecure Direct Object Reference (IDOR) in /tenants/{id} API endpoint in Inforcer Platform...
Moderate
Unreviewed
CVE-2025-61876 was published Oct 29, 2025
Authorization Bypass Through User-Controlled Key vulnerability in Rometheme RTMKit rometheme-for...
Moderate
Unreviewed
CVE-2025-64283 was published Oct 29, 2025
Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User...
Moderate
Unreviewed
CVE-2025-12351 was published Oct 27, 2025
A security flaw has been discovered in code-projects Client Details System 1.0. The impacted...
Moderate
Unreviewed
CVE-2025-12283 was published Oct 27, 2025
A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The...
Moderate
Unreviewed
CVE-2025-12270 was published Oct 27, 2025