Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,811
Erlang
36
GitHub Actions
32
Go
2,396
Maven
5,000+
npm
4,033
NuGet
721
pip
3,824
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

143 advisories

Loading
The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to... Critical Unreviewed
CVE-2025-6895 was published Jul 26, 2025
The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up... Critical Unreviewed
CVE-2025-7444 was published Jul 18, 2025
The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6... Critical Unreviewed
CVE-2025-6688 was published Jun 27, 2025
An authentication bypass vulnerability exists in KCM3100 Ver1.4.2 and earlier. If this... Critical Unreviewed
CVE-2025-51381 was published Jun 18, 2025
The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme,... Critical Unreviewed
CVE-2025-4973 was published Jun 12, 2025
CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through... Critical Unreviewed
CVE-2025-30184 was published Jun 10, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in PayU India PayU India... Critical Unreviewed
CVE-2025-31022 was published Jun 9, 2025
The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2025-4797 was published Jun 3, 2025
Affected Vertiv products do not properly protect webserver functions that could allow an attacker... Critical Unreviewed
CVE-2025-46412 was published May 21, 2025
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024... Critical Unreviewed
CVE-2025-22462 was published May 13, 2025
The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication... Critical Unreviewed
CVE-2025-3844 was published May 7, 2025
A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus... Critical Unreviewed
CVE-2024-12225 was published May 6, 2025
The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in... Critical Unreviewed
CVE-2025-1909 was published May 5, 2025
An issue in the component /manage/ of itranswarp v2.19 allows attackers to bypass authentication... Critical Unreviewed
CVE-2025-45607 was published May 5, 2025
An improper authentication control vulnerability exists in AiCloud. This vulnerability can be... Critical Unreviewed
CVE-2025-2492 was published Apr 18, 2025
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to privilege... Critical Unreviewed
CVE-2024-13553 was published Apr 1, 2025
Authentication Bypass Using an Alternate Path or Channel vulnerability in ho3einie Material... Critical Unreviewed
CVE-2025-31095 was published Apr 1, 2025
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via... Critical Unreviewed
CVE-2024-13442 was published Mar 19, 2025
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable... Critical Unreviewed
CVE-2024-13771 was published Mar 14, 2025
The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to,... Critical Unreviewed
CVE-2024-11286 was published Mar 14, 2025
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1... Critical Unreviewed
CVE-2025-2080 was published Mar 13, 2025
The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in... Critical Unreviewed
CVE-2024-13446 was published Mar 12, 2025
The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in... Critical Unreviewed
CVE-2025-1315 was published Mar 7, 2025
The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all... Critical Unreviewed
CVE-2025-1515 was published Mar 5, 2025
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923... Critical Unreviewed
CVE-2025-27658 was published Mar 5, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database