GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
795 advisories
FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO
Moderate | CVE-2025-68481 was published for fastapi-users (pip) | Dec 19, 2025
FastAPI SSO is vulnerable to Cross-site Request Forgery (CSRF) through improper OAuth parameter validation
Moderate | CVE-2025-14546 was published for fastapi-sso (pip) | Dec 19, 2025
Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate...
Critical | Unreviewed | CVE-2025-65041 was published | Dec 19, 2025
An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator...
Moderate | Unreviewed | CVE-2025-46296 was published | Dec 16, 2025
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers...
Critical | Unreviewed | CVE-2023-53895 was published | Dec 16, 2025
Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)
Moderate | CVE-2025-67715 was published for Weblate (pip) | Dec 15, 2025
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed...
Moderate | Unreviewed | CVE-2025-65782 was published | Dec 15, 2025
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sonoma 14.8...
Moderate | Unreviewed | CVE-2025-46289 was published | Dec 12, 2025
Finality Provider vulnerable to anti-slashing bypassing due to misconfiguration
High | GHSA-4jmp-x7mh-rgmr was published for github.com/babylonlabs-io/finality-provider (Go) | Dec 12, 2025
A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The...
High | Unreviewed | CVE-2025-40830 was published | Dec 9, 2025
The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized modification of data due to...
Moderate | Unreviewed | CVE-2025-12720 was published | Dec 6, 2025
The weDocs plugin for WordPress is vulnerable to unauthorized access in all versions up to, and...
Moderate | Unreviewed | CVE-2025-12505 was published | Dec 6, 2025
step-ca Has Improper Authorization Check for SSH Certificate Revocation
Moderate | CVE-2025-66406 was published for github.com/smallstep/certificates (Go) | Dec 3, 2025
In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not...
Critical | Unreviewed | CVE-2025-58386 was published | Dec 2, 2025
Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions
High | CVE-2025-66301 was published for getgrav/grav (Composer) | Dec 2, 2025
OneUptime Unauthorized User Creation via API
High | CVE-2025-65966 was published for @oneuptime/common (npm) | Nov 26, 2025
The Primakon Pi Portal 1.0.18 API /api/V2/pp_udfv_admin endpoint, fails to perform necessary...
High | Unreviewed | CVE-2025-64065 was published | Nov 25, 2025
Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when...
Moderate | Unreviewed | CVE-2025-64063 was published | Nov 25, 2025
The Primakon Pi Portal 1.0.18 /api/V2/pp_users?email endpoint is used for user data filtering but...
High | Unreviewed | CVE-2025-64062 was published | Nov 25, 2025
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is...
Moderate | Unreviewed | CVE-2025-11815 was published | Nov 21, 2025
Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized...
High | Unreviewed | CVE-2025-64655 was published | Nov 21, 2025
OpenFGA Improper Policy Enforcement
Moderate | CVE-2025-64751 was published for github.com/openfga/openfga (Go) | Nov 20, 2025
The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Improper Authorization leading...
Moderate | Unreviewed | CVE-2025-13085 was published | Nov 19, 2025
The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all...
Moderate | Unreviewed | CVE-2025-12777 was published | Nov 19, 2025
The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to unauthorized modification of...
Moderate | Unreviewed | CVE-2025-12814 was published | Nov 19, 2025