Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,669
Erlang
34
GitHub Actions
26
Go
2,261
Maven
5,000+
npm
3,910
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

223 advisories

Loading
A security vulnerability was discovered in Moodle that can allow hackers to gain access to... High Unreviewed
CVE-2025-3625 was published Apr 25, 2025
Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows... High Unreviewed
CVE-2025-25777 was published Apr 24, 2025
An authorization bypass in Unblu Spark allows a participant of a conversation to replace an... High Unreviewed
CVE-2025-3519 was published Apr 22, 2025
Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to... High Unreviewed
CVE-2025-3574 was published Apr 15, 2025
Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to... High Unreviewed
CVE-2025-3575 was published Apr 15, 2025
The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in... High Unreviewed
CVE-2025-2526 was published Apr 8, 2025
An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS... High Unreviewed
CVE-2025-22931 was published Apr 3, 2025
The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object... High Unreviewed
CVE-2024-13558 was published Mar 20, 2025
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Privilege... High Unreviewed
CVE-2025-1667 was published Mar 15, 2025
Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass... High Unreviewed
CVE-2024-53406 was published Mar 13, 2025
A vulnerability exists in Issuetrak v17.2.2 and prior that allows a low-privileged user to access... High Unreviewed
CVE-2025-2271 was published Mar 13, 2025
ServiceNow has addressed an authorization bypass vulnerability that was identified in the... High Unreviewed
CVE-2025-0337 was published Mar 6, 2025
Rapid Response Monitoring My Security Account App utilizes an API that could be exploited by an... High Unreviewed
CVE-2025-0352 was published Feb 20, 2025
StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a... High Unreviewed
CVE-2025-26788 was published Feb 14, 2025
An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal,... High Unreviewed
CVE-2024-34520 was published Feb 13, 2025
Distribution's token authentication allows to inject an untrusted signing key in a JWT High
CVE-2025-24976 was published for github.com/distribution/distribution/v3 (Go) Feb 11, 2025
evanebb
Duplicate Advisory: Authorization Bypass in OPC UA .NET Standard Stack High
GHSA-qv5f-57gw-vx3h was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Feb 10, 2025 withdrawn
In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object Reference (IDOR) in the... High Unreviewed
CVE-2024-39033 was published Feb 6, 2025
The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)... High Unreviewed
CVE-2024-13694 was published Jan 30, 2025
CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow... High Unreviewed
CVE-2024-10497 was published Jan 17, 2025
HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access... High Unreviewed
CVE-2024-42169 was published Jan 11, 2025
The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key... High Unreviewed
CVE-2024-13040 was published Dec 31, 2024
An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates)... High Unreviewed
CVE-2024-55506 was published Dec 19, 2024
Authorization bypass through user-controlled key vulnerability in streaming service in Synology... High Unreviewed
CVE-2024-4464 was published Dec 18, 2024
Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key... High Unreviewed
CVE-2024-42422 was published Dec 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database