Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,877
Erlang
37
GitHub Actions
38
Go
2,532
Maven
5,000+
npm
4,191
NuGet
742
pip
3,970
Pub
12
RubyGems
947
Rust
1,030
Swift
39
Unreviewed advisories
All unreviewed
5,000+

915 advisories

Loading
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2... High Unreviewed
CVE-2025-41093 was published Sep 30, 2025
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2... High Unreviewed
CVE-2025-41095 was published Sep 30, 2025
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2... High Unreviewed
CVE-2025-41092 was published Sep 30, 2025
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2... High Unreviewed
CVE-2025-41094 was published Sep 30, 2025
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2... High Unreviewed
CVE-2025-41091 was published Sep 30, 2025
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2... High Unreviewed
CVE-2025-41098 was published Sep 30, 2025
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2... High Unreviewed
CVE-2025-41099 was published Sep 30, 2025
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2... High Unreviewed
CVE-2025-41097 was published Sep 30, 2025
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2... High Unreviewed
CVE-2025-41096 was published Sep 30, 2025
Authorization Bypass Through User-Controlled Key vulnerability in Anadolu Hayat Emeklilik Inc.... Moderate Unreviewed
CVE-2025-9342 was published Sep 23, 2025
Liferay Portal and DXP allows users to add a note to a different virtual instance Moderate
CVE-2025-43810 was published for com.liferay.commerce:com.liferay.commerce.service (Maven) Sep 23, 2025
Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS Academy LMS allows... Moderate Unreviewed
CVE-2025-59562 was published Sep 22, 2025
Authorization Bypass Through User-Controlled Key vulnerability in Alex Content Mask allows... Low Unreviewed
CVE-2025-58012 was published Sep 22, 2025
Authorization Bypass Through User-Controlled Key vulnerability in Sayful Islam Upcoming Events... Moderate Unreviewed
CVE-2025-57994 was published Sep 22, 2025
Authorization Bypass Through User-Controlled Key vulnerability in PROLIZ Computer Software... Moderate Unreviewed
CVE-2025-0875 was published Sep 22, 2025
Mattermost boards plugin fails to restrict download access to files Low
CVE-2025-9081 was published for github.com/mattermost/mattermost-plugin-boards (Go) Sep 19, 2025
Liferay Contacts Center widget has insecure direct object reference Moderate
CVE-2025-43803 was published for com.liferay:com.liferay.contacts.web (Maven) Sep 19, 2025
Tronclass developed by WisdomGarden has an Insecure Direct object Reference vulnerability,... Moderate Unreviewed
CVE-2025-10719 was published Sep 19, 2025
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via... Critical Unreviewed
CVE-2025-5948 was published Sep 19, 2025
The Chained Quiz plugin for WordPress is vulnerable to Insecure Direct Object Reference in... Moderate Unreviewed
CVE-2025-10493 was published Sep 18, 2025
Authorization Bypass Through User-Controlled Key vulnerability in Nebula Informatics SecHard... Moderate Unreviewed
CVE-2025-8463 was published Sep 17, 2025
Authorization Bypass Through User-Controlled Key vulnerability in Beefull Energy Technologies... Moderate Unreviewed
CVE-2025-7355 was published Sep 16, 2025
Authorization Bypass Through User-Controlled Key vulnerability with user privileges in ArgusTech... Moderate Unreviewed
CVE-2025-5518 was published Sep 16, 2025
Liferay Portal is vulnerable to Insecure Direct Object Reference (IDOR) attack through Authentication Bypass High
CVE-2025-43790 was published for com.liferay:com.liferay.object.service (Maven) Sep 11, 2025
Liferay Portal API Allows Authenticated Users to Access Workflow Definitions by Name Moderate
CVE-2025-43782 was published for com.liferay:com.liferay.portal.workflow.kaleo.runtime.integration.impl (Maven) Sep 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database