GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,012 advisories
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin...
Moderate, Unreviewed. CVE-2025-13748 was published Dec 6, 2025

The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure...
High, Unreviewed. CVE-2025-13932 was published Dec 5, 2025

Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an...
Low, Unreviewed. CVE-2025-12997 was published Dec 4, 2025

An Insecure Direct Object Reference (IDOR) vulnerability in the EduplusCampus 3.0.1 Student...
Moderate, Unreviewed. CVE-2025-61148 was published Dec 4, 2025

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to...
Moderate, Unreviewed. CVE-2025-13109 was published Dec 3, 2025

Vulnerability in the access control system of the GAMS licensing system that allows unlimited...
Moderate, Unreviewed. CVE-2025-41086 was published Dec 2, 2025

Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel
Moderate. CVE-2025-66306 was published for getgrav/grav (Composer) Dec 2, 2025

The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in...
Critical, Unreviewed. CVE-2025-13615 was published Nov 30, 2025

WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated...
High, Unreviewed. CVE-2025-13768 was published Nov 28, 2025

The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object...
Moderate, Unreviewed. CVE-2025-13157 was published Nov 27, 2025

An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access...
Moderate, Unreviewed. CVE-2025-65670 was published Nov 26, 2025

Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and...
High, Unreviewed. CVE-2025-65672 was published Nov 26, 2025

Better Auth Passkey Plugin allows passkey deletion through IDOR
High. GHSA-4vcf-q4xf-f48m was published for @better-auth/passkey (npm) Nov 25, 2025

Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping...
Moderate, Unreviewed. CVE-2025-65647 was published Nov 25, 2025

Primakon Pi Portal 1.0.18 API endpoints responsible for retrieving object-specific or filtered...
Moderate, Unreviewed. CVE-2025-64067 was published Nov 25, 2025

The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is...
Moderate, Unreviewed. CVE-2025-13389 was published Nov 25, 2025

The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is...
Moderate, Unreviewed. CVE-2025-13452 was published Nov 25, 2025

The Frontend File Manager Plugin for WordPress is vulnerable to Insecure Direct Object Reference...
Moderate, Unreviewed. CVE-2025-13382 was published Nov 25, 2025

The Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object...
Moderate, Unreviewed. CVE-2025-12040 was published Nov 25, 2025

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to...
Moderate, Unreviewed. CVE-2025-10039 was published Nov 21, 2025

The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure...
Moderate, Unreviewed. CVE-2025-12881 was published Nov 21, 2025

The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure...
Moderate, Unreviewed. CVE-2025-12086 was published Nov 21, 2025

Clerk-js vulnerable to bypass of OAuth authentication flow by manipulating request at OTP verification stage
Moderate. CVE-2025-63700 was published for @clerk/clerk-js (npm) Nov 20, 2025

Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users...
High, Unreviewed. CVE-2025-52670 was published Nov 20, 2025

An Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of BlackBerry®...
Moderate, Unreviewed. CVE-2025-12766 was published Nov 19, 2025