GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
935 advisories
Missing authorization in Windows StateRepository API allows an authorized attacker to perform...
High | Unreviewed | CVE-2025-49723 was published Jul 8, 2025

SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to add fields to...
High | Unreviewed | CVE-2025-42952 was published Jul 8, 2025

SAP Netweaver System Configuration does not perform necessary authorization checks for an...
High | Unreviewed | CVE-2025-42953 was published Jul 8, 2025

SetTranslationHandler.php does not validate that the user is an election admin, allowing any ...
High | Unreviewed | CVE-2025-53485 was published Jul 4, 2025

Missing Authorization vulnerability in pietro MobiLoud allows Exploiting Incorrectly Configured...
High | Unreviewed | CVE-2025-52813 was published Jul 4, 2025

The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing...
High | Unreviewed | CVE-2025-6814 was published Jul 4, 2025

The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due...
High | Unreviewed | CVE-2025-5953 was published Jul 4, 2025

During startup, the device automatically logs in the EPC2 Windows user without requesting a...
High | Unreviewed | CVE-2025-27461 was published Jul 3, 2025

The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized...
High | Unreviewed | CVE-2025-5692 was published Jul 2, 2025

Missing Authorization vulnerability in Dejan Jasnic Trusty Whistleblowing allows Exploiting...
High | Unreviewed | CVE-2025-52818 was published Jun 27, 2025

Missing Authorization vulnerability in MDJM Mobile DJ Manager allows Exploiting Incorrectly...
High | Unreviewed | CVE-2025-52824 was published Jun 27, 2025

Missing Authorization vulnerability in ZealousWeb Abandoned Contact Form 7 allows Exploiting...
High | Unreviewed | CVE-2025-52817 was published Jun 27, 2025

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and...
High | Unreviewed | CVE-2025-5121 was published Jun 20, 2025

Missing Authorization vulnerability in enguerranws Import YouTube videos as WP Posts allows...
High | Unreviewed | CVE-2025-52802 was published Jun 20, 2025

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is...
High | Unreviewed | CVE-2025-5282 was published Jun 13, 2025

Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to...
High | Unreviewed | CVE-2025-49181 was published Jun 12, 2025

Files in the source code contain login credentials for the admin user and the property...
High | Unreviewed | CVE-2025-49182 was published Jun 12, 2025

SunGrow's back end users system iSolarCloud https://isolarcloud.com uses an MQTT service to...
High | Unreviewed | CVE-2025-29756 was published Jun 11, 2025

SAP GRC allows a non-administrative user to access and initiate transaction which could allow...
High | Unreviewed | CVE-2025-42982 was published Jun 10, 2025

SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary...
High | Unreviewed | CVE-2025-42983 was published Jun 10, 2025

Missing Authorization vulnerability in WP Swings Membership For WooCommerce allows Accessing...
High | Unreviewed | CVE-2025-49265 was published Jun 9, 2025

Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce allows...
High | Unreviewed | CVE-2025-47463 was published Jun 9, 2025

Missing Authorization vulnerability in Icegram Icegram Collect – Easy Form, Lead Collection and...
High | Unreviewed | CVE-2025-47527 was published Jun 9, 2025

Missing Authorization vulnerability in looks_awesome Team Builder allows Exploiting Incorrectly...
High | Unreviewed | CVE-2025-32308 was published Jun 9, 2025

Smart Parking Management System from Honding Technology has a Missing Authorization vulnerability...
High | Unreviewed | CVE-2025-5894 was published Jun 9, 2025