GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
40 advisories
SAP S4CORE OData meta-data property allows an authenticated attacker to access restricted...
Moderate | Unreviewed | CVE-2025-43002 was published May 13, 2025
In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role...
High | Unreviewed | CVE-2025-47817 was published May 11, 2025
Craft CMS stores arbitrary content provided by unauthenticated users in session files
Moderate | CVE-2025-35939 was published for craftcms/cms (Composer) May 8, 2025
In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify...
High | Unreviewed | CVE-2025-47245 was published May 4, 2025
The Upsell Funnel Builder for WooCommerce plugin for WordPress is vulnerable to order...
Moderate | Unreviewed | CVE-2025-3743 was published Apr 25, 2025
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price...
High | Unreviewed | CVE-2025-3530 was published Apr 23, 2025
SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data...
Moderate | Unreviewed | CVE-2025-31327 was published Apr 22, 2025
CodeLit CourseLit before 0.57.5 allows Parameter Tampering via a payment plan associated with the...
Low | Unreviewed | CVE-2025-32816 was published Apr 11, 2025
SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set...
Moderate | Unreviewed | CVE-2025-31333 was published Apr 8, 2025
Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout
Moderate | CVE-2025-30152 was published for sylius/paypal-plugin (Composer) Mar 19, 2025
Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six...
High | Unreviewed | CVE-2025-30236 was published Mar 19, 2025
Sylius PayPal Plugin Payment Amount Manipulation Vulnerability
Moderate | CVE-2025-29788 was published for sylius/paypal-plugin (Composer) Mar 17, 2025
SendQuick Entera devices before 11HF5 are vulnerable to CAPTCHA bypass via the captcha parameter
Moderate | Unreviewed | CVE-2025-26312 was published Mar 14, 2025
In Archer Platform 6 through 6.14.00202.10024, an authenticated user with record creation...
Low | Unreviewed | CVE-2025-27893 was published Mar 11, 2025
An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows...
High | Unreviewed | CVE-2025-25382 was published Mar 10, 2025
Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to...
High | Unreviewed | CVE-2025-0436 was published Jan 15, 2025
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity...
High | Unreviewed | CVE-2025-22384 was published Jan 4, 2025
TeamPass privileges issue
Critical | CVE-2024-50703 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be...
Moderate | Unreviewed | CVE-2024-12123 was published Dec 4, 2024
Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to...
High | Unreviewed | CVE-2024-7025 was published Nov 27, 2024
Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to...
High | Unreviewed | CVE-2024-9123 was published Sep 25, 2024
The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all...
Moderate | Unreviewed | CVE-2024-6010 was published Sep 7, 2024
External Control of Assumed-Immutable Web Parameter vulnerability in PINPOINT.WORLD Pinpoint...
Moderate | Unreviewed | CVE-2023-38520 was published Jun 4, 2024
External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar,...
Low | Unreviewed | CVE-2023-24373 was published Jun 4, 2024
A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows...
Critical | Unreviewed | CVE-2024-25153 was published Mar 13, 2024
ProTip! Advisories are also available from the GraphQL API.