Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,462
Erlang
33
GitHub Actions
22
Go
2,159
Maven
5,000+
npm
3,820
NuGet
696
pip
3,502
Pub
12
RubyGems
903
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

591 advisories

Loading
Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content Moderate
CVE-2025-27602 was published for Umbraco.Cms.Web.Backoffice (NuGet) Mar 11, 2025
hazemeldoc
Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality Moderate
CVE-2025-27601 was published for Umbraco.Cms.Api.Management (NuGet) Mar 11, 2025
The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2024-13552 was published Mar 7, 2025
Fleet has SAML authentication vulnerability due to improper SAML response validation Critical
CVE-2025-27509 was published for github.com/fleetdm/fleet/v4 (Go) Mar 6, 2025
hakivvi lucasmrod
getvictor rh-colbymorgan jeffssh
The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet... Moderate Unreviewed
CVE-2024-13724 was published Mar 4, 2025
Information disclosure while deriving keys for a session for any Widevine use case. Moderate Unreviewed
CVE-2024-43051 was published Mar 3, 2025
Mautic allows Improper Authorization in Reporting API High
CVE-2024-47053 was published for mautic/core (Composer) Feb 26, 2025
escopecz patrykgruszka
A vulnerability, which was classified as problematic, has been found in SourceCodester Best... Moderate Unreviewed
CVE-2025-1607 was published Feb 24, 2025
The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information... High Unreviewed
CVE-2025-1361 was published Feb 22, 2025
OpenFGA Authorization Bypass Moderate
CVE-2025-25196 was published for github.com/openfga/openfga (Go) Feb 19, 2025
The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet... Moderate Unreviewed
CVE-2024-13692 was published Feb 14, 2025
The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation... Moderate Unreviewed
CVE-2024-13821 was published Feb 12, 2025
Improper Authorization vulnerability in Magento and Adobe Commerce Critical
CVE-2025-24434 was published for magento/community-edition (Composer) Feb 11, 2025
ihor-sviziev
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are... High Unreviewed
CVE-2025-24418 was published Feb 11, 2025
Adobe Commerce Improper Authorization vulnerability High
CVE-2025-24409 was published for magento/community-edition (Composer) Feb 11, 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability High Unreviewed
CVE-2025-21400 was published Feb 11, 2025
Contrast's unauthenticated recovery allows Coordinator impersonation High
GHSA-vqv5-385r-2hf8 was published for github.com/edgelesssys/contrast (Go) Feb 5, 2025
3u13r burgerdev
katexochen
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid... Critical Unreviewed
CVE-2025-20125 was published Feb 5, 2025
MarbleRun unauthenticated recovery allows Coordinator impersonation High
GHSA-w7wm-2425-7p2h was published for github.com/edgelesssys/marblerun (Go) Feb 4, 2025
TShock allows chat while not fully connected, possible ban evasion Moderate
GHSA-f8mx-cwfh-7hr2 was published for tshock (NuGet) Feb 3, 2025
ohayo
Kubewarden-Controller information leak via AdmissionPolicyGroup Resource Moderate
CVE-2025-24784 was published for github.com/kubewarden/kubewarden-controller (Go) Jan 30, 2025
flavio
The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that... High Unreviewed
CVE-2024-13646 was published Jan 30, 2025
The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)... High Unreviewed
CVE-2024-13694 was published Jan 30, 2025
Incorrect permission check in Jenkins GitLab Plugin allows enumerating credentials IDs Moderate
CVE-2025-24397 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Jan 22, 2025
A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical.... Moderate Unreviewed
CVE-2025-0580 was published Jan 20, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database