Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,722
Maven
5,000+
npm
4,329
NuGet
762
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

176 advisories

Loading
The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in... Critical Unreviewed
CVE-2025-1315 was published Mar 7, 2025
The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in... Critical Unreviewed
CVE-2024-13446 was published Mar 12, 2025
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1... Critical Unreviewed
CVE-2025-2080 was published Mar 13, 2025
The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to,... Critical Unreviewed
CVE-2024-11286 was published Mar 14, 2025
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable... Critical Unreviewed
CVE-2024-13771 was published Mar 14, 2025
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via... Critical Unreviewed
CVE-2024-13442 was published Mar 19, 2025
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the... Critical Unreviewed
CVE-2025-2747 was published Mar 24, 2025
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the... Critical Unreviewed
CVE-2025-2746 was published Mar 24, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in ho3einie Material... Critical Unreviewed
CVE-2025-31095 was published Apr 1, 2025
Apache Pinot Vulnerable to Authentication Bypass Critical
CVE-2024-56325 was published for org.apache.pinot:pinot-broker (Maven) Apr 1, 2025
AnonySE26
Credited to AnonySE26
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2024-13553 was published Apr 1, 2025
An improper authentication control vulnerability exists in AiCloud. This vulnerability can be... Critical Unreviewed
CVE-2025-2492 was published Apr 18, 2025
An issue in the component /manage/ of itranswarp v2.19 allows attackers to bypass authentication... Critical Unreviewed
CVE-2025-45607 was published May 5, 2025
The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in... Critical Unreviewed
CVE-2025-1909 was published May 5, 2025
A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus... Critical Unreviewed
CVE-2024-12225 was published May 6, 2025
The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication... Critical Unreviewed
CVE-2025-3844 was published May 7, 2025
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024... Critical Unreviewed
CVE-2025-22462 was published May 13, 2025
Affected Vertiv products do not properly protect webserver functions that could allow an attacker... Critical Unreviewed
CVE-2025-46412 was published May 21, 2025
The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the... Critical Unreviewed
CVE-2025-34026 was published May 22, 2025
The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2025-4797 was published Jun 3, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in PayU India PayU India... Critical Unreviewed
CVE-2025-31022 was published Jun 9, 2025
CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through... Critical Unreviewed
CVE-2025-30184 was published Jun 10, 2025
The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme,... Critical Unreviewed
CVE-2025-4973 was published Jun 12, 2025
An authentication bypass vulnerability exists in KCM3100 Ver1.4.2 and earlier. If this... Critical Unreviewed
CVE-2025-51381 was published Jun 18, 2025
The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6... Critical Unreviewed
CVE-2025-6688 was published Jun 27, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database