GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,899
Erlang: 38
GitHub Actions: 38
Go: 2,558
Maven: 5,000+
npm: 4,235
NuGet: 751
pip: 4,001
Pub: 12
RubyGems: 953
Rust: 1,042
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+

946 advisories

Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by an Insecure Direct Object...
Moderate, Unreviewed. CVE-2025-9559 was published on Oct 16, 2025

Strapi Allows Unauthorized Access to Private Fields via parms.lookup
High. CVE-2024-56143 was published for @strapi/core (npm) on Oct 16, 2025

The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in...
Critical, Unreviewed. CVE-2025-10742 was published on Oct 16, 2025

Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This...
High, Unreviewed. CVE-2025-41020 was published on Oct 16, 2025

The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference...
Moderate, Unreviewed. CVE-2025-11176 was published on Oct 15, 2025

A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server...
Moderate, Unreviewed. CVE-2025-40773 was published on Oct 14, 2025

Liferay Account Admin Web vulnerable to Authorization Bypass Through User-Controlled Key
Moderate. CVE-2025-62242 was published for com.liferay:com.liferay.change.tracking.web (Maven) on Oct 13, 2025

Liferay is Vulnerable to Authorization Bypass Through User-Controlled Key
Moderate. CVE-2025-62252 was published for com.liferay.portal:com.liferay.portal.impl (Maven) on Oct 13, 2025

Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key
Moderate. CVE-2025-62241 was published for com.liferay.commerce:com.liferay.commerce.order.content.web (Maven) on Oct 13, 2025

Liferay Publications vulnerable to Authorization Bypass Through User-Controlled Key
Moderate. CVE-2025-62244 was published for com.liferay:com.liferay.change.tracking.web (Maven) on Oct 13, 2025

Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import...
High, Unreviewed. CVE-2025-9902 was published on Oct 13, 2025

HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR)....
Moderate, Unreviewed. CVE-2025-31997 was published on Oct 12, 2025

The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct...
Moderate, Unreviewed. CVE-2025-11518 was published on Oct 11, 2025

The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for...
High, Unreviewed. CVE-2025-6038 was published on Oct 9, 2025

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user...
Moderate, Unreviewed. CVE-2025-43724 was published on Oct 8, 2025

Insecure Direct Object Reference (IDOR) in Negotiator v3.15.2 from Biobanking and Biomolecular...
Moderate, Unreviewed. CVE-2025-40676 was published on Oct 7, 2025

Authorization Bypass Through User-Controlled Key vulnerability in Logo Software Inc. Logo Cloud...
Moderate, Unreviewed. CVE-2025-0606 was published on Oct 6, 2025

Use of Hard-coded Credentials, Authorization Bypass Through User-Controlled Key vulnerability in...
Moderate, Unreviewed. CVE-2025-0642 was published on Oct 2, 2025

Liferay Portal Vulnerable to IDOR via audit events
Moderate. CVE-2025-43827 was published for com.liferay:com.liferay.portal.security.audit.storage.service (Maven) on Sep 30, 2025

An Insecure Direct Object Reference (IDOR) in the /dashboard/notes endpoint of Syaqui...
High, Unreviewed. CVE-2025-56392 was published on Sep 30, 2025

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2...
High, Unreviewed. CVE-2025-41092 was published on Sep 30, 2025

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2...
High, Unreviewed. CVE-2025-41093 was published on Sep 30, 2025

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2...
High, Unreviewed. CVE-2025-41097 was published on Sep 30, 2025

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2...
High, Unreviewed. CVE-2025-41099 was published on Sep 30, 2025

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2...
High, Unreviewed. CVE-2025-41091 was published on Sep 30, 2025

ProTip! Advisories are also available from the GraphQL API