GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
961 advisories
An IDOR vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to view any files. The...
Moderate, Unreviewed. CVE-2024-9617 was published Mar 20, 2025

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy,...
High, Unreviewed. CVE-2024-8613 was published Mar 20, 2025

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover...
High, Unreviewed. CVE-2024-12880 was published Mar 20, 2025

A broken access control vulnerability exists in lunary-ai/lunary versions 1.2.7 through 1.4.2....
Moderate, Unreviewed. CVE-2024-7476 was published Mar 20, 2025

In lunary-ai/lunary before version 1.6.3, an improper access control vulnerability exists where a...
High, Unreviewed. CVE-2024-11300 was published Mar 20, 2025

In version v0.3.8 of open-webui/open-webui, there is an improper access control vulnerability. On...
Moderate, Unreviewed. CVE-2024-7040 was published Mar 20, 2025

An Insecure Direct Object Reference (IDOR) vulnerability exists in the `PATCH /v1/runs/:id/score`...
High, Unreviewed. CVE-2024-11137 was published Mar 20, 2025

An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including...
High, Unreviewed. CVE-2024-5130 was published Jun 6, 2024

The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference...
Moderate, Unreviewed. CVE-2025-11176 was published Oct 15, 2025

Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis...
High, Unreviewed. CVE-2024-4341 was published Jul 8, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ariva Computer Accord...
Critical, Unreviewed. CVE-2024-1744 was published Sep 6, 2024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Utarit Information...
High, Unreviewed. CVE-2024-3305 was published Sep 12, 2024

A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server...
Moderate, Unreviewed. CVE-2025-40773 was published Oct 14, 2025

Liferay is Vulnerable to Authorization Bypass Through User-Controlled Key
Moderate. CVE-2025-62252 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Oct 13, 2025

Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key
Moderate. CVE-2025-62241 was published for com.liferay.commerce:com.liferay.commerce.order.content.web (Maven) Oct 13, 2025

Liferay Account Admin Web vulnerable to Authorization Bypass Through User-Controlled Key
Moderate. CVE-2025-62242 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025

Liferay Publications vulnerable to Authorization Bypass Through User-Controlled Key
Moderate. CVE-2025-62244 was published for com.liferay:com.liferay.change.tracking.web (Maven) Oct 13, 2025

Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import...
High, Unreviewed. CVE-2025-9902 was published Oct 13, 2025

HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR)....
Moderate, Unreviewed. CVE-2025-31997 was published Oct 12, 2025

The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct...
Moderate, Unreviewed. CVE-2025-11518 was published Oct 11, 2025

The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for...
High, Unreviewed. CVE-2025-6038 was published Oct 9, 2025

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2...
High, Unreviewed. CVE-2025-41091 was published Sep 30, 2025

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2...
High, Unreviewed. CVE-2025-41097 was published Sep 30, 2025

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2...
High, Unreviewed. CVE-2025-41098 was published Sep 30, 2025

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2...
High, Unreviewed. CVE-2025-41099 was published Sep 30, 2025
ProTip! Advisories are also available from the GraphQL API