Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,519
Maven
5,000+
npm
4,156
NuGet
736
pip
3,956
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,988 advisories

Loading
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege... High Unreviewed
CVE-2025-7665 was published Sep 19, 2025
The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation... Moderate Unreviewed
CVE-2025-8487 was published Sep 19, 2025
The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to unauthorized... Critical Unreviewed
CVE-2025-10690 was published Sep 19, 2025
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages... High Unreviewed
CVE-2025-8565 was published Sep 18, 2025
Jenkins is missing a permission check in the authenticated users' profile menu Moderate
CVE-2025-59475 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 17, 2025
Jenkins has a missing permission check, allowing users to obtain agent names Moderate
CVE-2025-59474 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 17, 2025
The Sydney theme for WordPress is vulnerable to unauthorized modification of data due to a... Moderate Unreviewed
CVE-2025-8999 was published Sep 17, 2025
Liferay Portal allows remote attackers to view display page templates via crafted URLs Moderate
CVE-2025-43805 was published for com.liferay:com.liferay.asset.display.page.service (Maven) Sep 17, 2025
matrix-js-sdk has insufficient validation when considering a room to be upgraded by another Low
CVE-2025-59160 was published for matrix-js-sdk (npm) Sep 16, 2025
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized limited plugin install... Moderate Unreviewed
CVE-2025-8446 was published Sep 16, 2025
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in... High Unreviewed
CVE-2025-43358 was published Sep 16, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Tahoe... Moderate Unreviewed
CVE-2025-43318 was published Sep 16, 2025
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in... Moderate Unreviewed
CVE-2025-43331 was published Sep 16, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... High Unreviewed
CVE-2025-43341 was published Sep 16, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia... Moderate Unreviewed
CVE-2025-43311 was published Sep 16, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... High Unreviewed
CVE-2025-43316 was published Sep 16, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26... High Unreviewed
CVE-2025-43329 was published Sep 16, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS... High Unreviewed
CVE-2025-43286 was published Sep 16, 2025
Flowise has unsandboxed remote code execution via Custom MCP High
GHSA-6933-jpx5-q87q was published for flowise (npm) Sep 15, 2025
assaf-levkovich-jf
Mattermost Missing Authorization vulnerability Moderate
CVE-2025-9076 was published for github.com/mattermost/mattermost-server (Go) Sep 15, 2025
Liferay Portal's Organization Selector exposes organization data to remote authenticated users Moderate
CVE-2025-43788 was published for com.liferay:com.liferay.organizations.item.selector.web (Maven) Sep 12, 2025
The Time Tracker plugin for WordPress is vulnerable to unauthorized modification and loss of data... High Unreviewed
CVE-2025-9018 was published Sep 11, 2025
The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data that... High Unreviewed
CVE-2025-8425 was published Sep 11, 2025
The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data due... Moderate Unreviewed
CVE-2025-8423 was published Sep 11, 2025
The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses plugin for... Moderate Unreviewed
CVE-2025-8492 was published Sep 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database