GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
816 advisories
The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for...
Moderate | Unreviewed | CVE-2025-4691 was published May 31, 2025

Insecure Direct Object Reference (IDOR) vulnerability in Clickedu. This vulnerability could allow...
High | Unreviewed | CVE-2025-40650 was published May 26, 2025

A vulnerability has been found in Summer Pearl Group Vacation Rental Management Platform up to 1...
Moderate | Unreviewed | CVE-2025-5182 was published May 26, 2025

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated,...
Moderate | Unreviewed | CVE-2025-20114 was published May 21, 2025

The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference
High | CVE-2025-48205 was published for sjbr/sr-feuser-register (Composer) May 21, 2025

reint_downloadmanager TYPO3 Extension is susceptible to Insecure Direct Object Reference
Moderate | CVE-2025-48207 was published for renolit/reint-downloadmanager (Composer) May 21, 2025

The femanager TYPO3 extension allows Insecure Direct Object Reference
Moderate | CVE-2025-48202 was published for in2code/femanager (Composer) May 21, 2025

Authorization Bypass Through User-Controlled Key vulnerability in Chimpstudio WP JobHunt allows...
Moderate | Unreviewed | CVE-2025-39537 was published May 16, 2025

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is...
Moderate | Unreviewed | CVE-2025-3769 was published May 14, 2025

The PeepSo Core: File Uploads plugin for WordPress is vulnerable to Insecure Direct Object...
Moderate | Unreviewed | CVE-2024-8988 was published May 14, 2025

The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege...
Critical | Unreviewed | CVE-2025-3605 was published May 9, 2025

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in...
Critical | Unreviewed | CVE-2025-3810 was published May 9, 2025

The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in...
Critical | Unreviewed | CVE-2025-3811 was published May 9, 2025

A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE...
Moderate | Unreviewed | CVE-2025-20214 was published May 7, 2025

The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference...
Moderate | Unreviewed | CVE-2025-3853 was published May 7, 2025

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile...
Moderate | Unreviewed | CVE-2025-3281 was published May 6, 2025

The Reales WP STPT plugin for WordPress is vulnerable to privilege escalation via account...
High | Unreviewed | CVE-2025-3610 was published May 6, 2025

The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions...
Moderate | Unreviewed | CVE-2025-1327 was published May 2, 2025

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object...
Moderate | Unreviewed | CVE-2025-3874 was published May 1, 2025

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object...
Moderate | Unreviewed | CVE-2025-3889 was published May 1, 2025

A vulnerability classified as critical was found in Weitong Mall 1.0.0. This vulnerability...
Moderate | Unreviewed | CVE-2025-4119 was published Apr 30, 2025

Moodle has an IDOR in web service which allows users enrolled in a course to access some details of other users
Moderate | CVE-2025-3640 was published for moodle/moodle (Composer) Apr 25, 2025

Moodle allows IDOR in RSS block, which allows access to additional RSS feeds
Moderate | CVE-2025-3636 was published for moodle/moodle (Composer) Apr 25, 2025

A security vulnerability was discovered in Moodle that can allow hackers to gain access to...
High | Unreviewed | CVE-2025-3625 was published Apr 25, 2025

Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows...
High | Unreviewed | CVE-2025-25777 was published Apr 24, 2025
ProTip! Advisories are also available from the GraphQL API.