Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

710 advisories

Loading
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for... Moderate Unreviewed
CVE-2024-13873 was published Feb 22, 2025
Rapid Response Monitoring My Security Account App utilizes an API that could be exploited by an... High Unreviewed
CVE-2025-0352 was published Feb 20, 2025
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-13740 was published Feb 18, 2025
StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a... High Unreviewed
CVE-2025-26788 was published Feb 14, 2025
Insecure direct object reference (IDOR) vulnerability in Anapi Group's h6web, allows an... Critical Unreviewed
CVE-2025-1270 was published Feb 13, 2025
The DethemeKit For Elementor plugin for WordPress is vulnerable to Information Exposure in all... Moderate Unreviewed
CVE-2025-0661 was published Feb 13, 2025
An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal,... High Unreviewed
CVE-2024-34520 was published Feb 13, 2025
The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress... Moderate Unreviewed
CVE-2024-13601 was published Feb 12, 2025
Distribution's token authentication allows to inject an untrusted signing key in a JWT High
CVE-2025-24976 was published for github.com/distribution/distribution/v3 (Go) Feb 11, 2025
evanebb
Authorization Bypass in OPC UA .NET Standard Stack High
CVE-2024-42512 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Feb 10, 2025
The Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time plugin for... Moderate Unreviewed
CVE-2024-13841 was published Feb 7, 2025
In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object Reference (IDOR) in the... High Unreviewed
CVE-2024-39033 was published Feb 6, 2025
ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability... Low Unreviewed
CVE-2024-9097 was published Feb 5, 2025
The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget,... Moderate Unreviewed
CVE-2024-10696 was published Feb 5, 2025
The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object... Moderate Unreviewed
CVE-2024-12046 was published Feb 4, 2025
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-13607 was published Feb 4, 2025
Authorization Bypass Through User-Controlled Key vulnerability in NirWp Team Nirweb support. This... Moderate Unreviewed
CVE-2025-22695 was published Feb 3, 2025
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for... Moderate Unreviewed
CVE-2024-13425 was published Feb 1, 2025
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for... Moderate Unreviewed
CVE-2024-13428 was published Feb 1, 2025
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for... Moderate Unreviewed
CVE-2024-13429 was published Feb 1, 2025
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for... Moderate Unreviewed
CVE-2024-13372 was published Feb 1, 2025
The Typer Core plugin for WordPress is vulnerable to Information Exposure in all versions up to,... Moderate Unreviewed
CVE-2024-12102 was published Jan 30, 2025
The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)... High Unreviewed
CVE-2024-13694 was published Jan 30, 2025
The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object... Moderate Unreviewed
CVE-2024-13457 was published Jan 30, 2025
TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc) Moderate
CVE-2025-24856 was published for causal/oidc (Composer) Jan 28, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database