Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,145
NuGet
735
pip
3,947
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,966 advisories

Loading
Flowise has unsandboxed remote code execution via Custom MCP High
GHSA-6933-jpx5-q87q was published for flowise (npm) Sep 15, 2025
assaf-levkovich-jf
Mattermost Missing Authorization vulnerability Moderate
CVE-2025-9076 was published for github.com/mattermost/mattermost-server (Go) Sep 15, 2025
Liferay Portal's Organization Selector exposes organization data to remote authenticated users Moderate
CVE-2025-43788 was published for com.liferay:com.liferay.organizations.item.selector.web (Maven) Sep 12, 2025
The Time Tracker plugin for WordPress is vulnerable to unauthorized modification and loss of data... High Unreviewed
CVE-2025-9018 was published Sep 11, 2025
The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data that... High Unreviewed
CVE-2025-8425 was published Sep 11, 2025
The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data due... Moderate Unreviewed
CVE-2025-8423 was published Sep 11, 2025
The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses plugin for... Moderate Unreviewed
CVE-2025-8492 was published Sep 11, 2025
The Ultimate Classified Listings plugin for WordPress is vulnerable to unauthorized modification... Moderate Unreviewed
CVE-2025-0763 was published Sep 11, 2025
The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a... Moderate Unreviewed
CVE-2025-8778 was published Sep 10, 2025
The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior... Moderate Unreviewed
CVE-2025-9979 was published Sep 10, 2025
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to... High Unreviewed
CVE-2025-10040 was published Sep 10, 2025
Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0... High Unreviewed
CVE-2025-49459 was published Sep 10, 2025
Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS allows Accessing... Moderate Unreviewed
CVE-2025-58980 was published Sep 9, 2025
Missing Authorization vulnerability in frenify Categorify allows Exploiting Incorrectly... Moderate Unreviewed
CVE-2025-59005 was published Sep 9, 2025
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital... Moderate Unreviewed
CVE-2025-58976 was published Sep 9, 2025
Missing Authorization vulnerability in WP Swings PDF Generator for WordPress allows Exploiting... Moderate Unreviewed
CVE-2025-58978 was published Sep 9, 2025
Missing Authorization vulnerability in BerqWP BerqWP allows Exploiting Incorrectly Configured... Moderate Unreviewed
CVE-2025-58979 was published Sep 9, 2025
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital... Moderate Unreviewed
CVE-2025-58981 was published Sep 9, 2025
Missing Authorization vulnerability in spoddev2021 Spreadconnect. This issue affects... Moderate Unreviewed
CVE-2025-53291 was published Sep 9, 2025
Missing Authorization vulnerability in Laborator Kalium. This issue affects Kalium: from n/a... Moderate Unreviewed
CVE-2025-53348 was published Sep 9, 2025
Missing Authorization vulnerability in awesomesupport Awesome Support. This issue affects Awesome... Moderate Unreviewed
CVE-2025-53340 was published Sep 9, 2025
Missing Authorization vulnerability in Majestic Support Majestic Support. This issue affects... Moderate Unreviewed
CVE-2025-49860 was published Sep 9, 2025
Missing Authorization vulnerability in Roland Murg WP Simple Booking Calendar. This issue affects... Moderate Unreviewed
CVE-2025-39541 was published Sep 9, 2025
Missing Authorization vulnerability in andy_moyle Church Admin. This issue affects Church Admin:... Moderate Unreviewed
CVE-2025-39553 was published Sep 9, 2025
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure... High Unreviewed
CVE-2025-55141 was published Sep 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database