Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
764
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

786 advisories

Loading
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is... Moderate Unreviewed
CVE-2025-11815 was published Nov 21, 2025
The Primakon Pi Portal 1.0.18 /api/V2/pp_users?email endpoint is used for user data filtering but... High Unreviewed
CVE-2025-64062 was published Nov 25, 2025
The Primakon Pi Portal 1.0.18 API /api/V2/pp_udfv_admin endpoint, fails to perform necessary... High Unreviewed
CVE-2025-64065 was published Nov 25, 2025
Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when... Moderate Unreviewed
CVE-2025-64063 was published Nov 25, 2025
OneUptime Unauthorized User Creation via API High
CVE-2025-65966 was published for @oneuptime/common (npm) Nov 26, 2025
SamirWaleed
Credited to SamirWaleed
Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions High
CVE-2025-66301 was published for getgrav/grav (Composer) Dec 2, 2025
nakkouchtarek
Credited to nakkouchtarek
In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not... Critical Unreviewed
CVE-2025-58386 was published Dec 2, 2025
step-ca Has Improper Authorization Check for SSH Certificate Revocation Moderate
CVE-2025-66406 was published for github.com/smallstep/certificates (Go) Dec 3, 2025
The weDocs plugin for WordPress is vulnerable to unauthorized access in all versions up to, and... Moderate Unreviewed
CVE-2025-12505 was published Dec 6, 2025
The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to... Moderate Unreviewed
CVE-2025-12720 was published Dec 6, 2025
A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The... High Unreviewed
CVE-2025-40830 was published Dec 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database