GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
174 advisories
The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via...
High | Unreviewed | CVE-2024-12295 was published Mar 19, 2025

This vulnerability exists in the CAP back office application due to a weak password-reset...
High | Unreviewed | CVE-2025-29995 was published Mar 13, 2025

A vulnerability was found in PHPGurukul Online Library Management System 3.0. It has been...
Low | Unreviewed | CVE-2025-2093 was published Mar 8, 2025

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for...
High | Unreviewed | CVE-2025-1570 was published Feb 28, 2025

Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an...
Moderate | Unreviewed | CVE-2025-1231 was published Feb 11, 2025

A vulnerability, which was classified as critical, has been found in YunzMall up to 2.4.2. This...
Moderate | Unreviewed | CVE-2025-0331 was published Jan 9, 2025

The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in...
Critical | Unreviewed | CVE-2024-11350 was published Jan 8, 2025

CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account...
Critical | Unreviewed | CVE-2024-53552 was published Dec 10, 2024

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for...
Critical | Unreviewed | CVE-2024-47547 was published Dec 6, 2024

The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account...
Critical | Unreviewed | CVE-2024-11103 was published Nov 28, 2024

IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their...
Moderate | Unreviewed | CVE-2024-45670 was published Nov 14, 2024

An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password...
Critical | Unreviewed | CVE-2024-48428 was published Oct 25, 2024

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is...
High | Unreviewed | CVE-2024-9302 was published Oct 25, 2024

The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation...
High | Unreviewed | CVE-2024-9305 was published Oct 16, 2024

A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability...
Moderate | Unreviewed | CVE-2024-9907 was published Oct 13, 2024

A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password...
High | Unreviewed | CVE-2024-45980 was published Sep 26, 2024

The password recovery mechanism for the forgotten password in Riello Netman 204 allows an...
Critical | Unreviewed | CVE-2024-8878 was published Sep 25, 2024

A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. Affected by...
Moderate | Unreviewed | CVE-2024-8692 was published Sep 11, 2024

A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain...
High | Unreviewed | CVE-2024-42915 was published Aug 23, 2024

HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability....
High | Unreviewed | CVE-2024-6203 was published Aug 6, 2024

Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the...
Critical | Unreviewed | CVE-2024-38468 was published Jun 16, 2024

Keycloak Denial of Service via account lockout
Low | CVE-2024-1722 was published for org.keycloak:keycloak-services (Maven) Jun 12, 2024

The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak...
High | Unreviewed | CVE-2023-7264 was published Jun 11, 2024

In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism...
Moderate | Unreviewed | CVE-2024-5277 was published Jun 6, 2024

An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak...
Critical | Unreviewed | CVE-2024-5404 was published Jun 3, 2024