GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 40
GitHub Actions: 38
Go: 2,798
Maven: 5,000+
npm: 4,424
NuGet: 772
pip: 4,192
Pub: 12
RubyGems: 968
Rust: 1,083
Swift: 46
Unreviewed advisories
All unreviewed: 5,000+
2,940 advisories
Ghost has Staff Token permission bypass
High
CVE-2026-22595 was published for ghost (npm) Jan 8, 2026
Soft Serve is missing an authorization check in LFS lock deletion
Moderate
CVE-2026-22253 was published for github.com/charmbracelet/soft-serve (Go) Jan 8, 2026
Kirby is missing permission checks in the content changes API
Moderate
CVE-2026-21896 was published for getkirby/cms (Composer) Jan 8, 2026
OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft...
High
Unreviewed
CVE-2026-22230 was published Jan 8, 2026
The Awesome Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data...
Moderate
Unreviewed
CVE-2025-14352 was published Jan 7, 2026
iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that...
High
Unreviewed
CVE-2020-36920 was published Jan 6, 2026
In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token...
Moderate
Unreviewed
CVE-2025-69416 was published Jan 2, 2026
Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a ...
High
Unreviewed
CVE-2025-69414 was published Jan 2, 2026
In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token...
Moderate
Unreviewed
CVE-2025-69417 was published Jan 2, 2026
Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts
Low
CVE-2025-14986 was published for go.temporal.io/server (Go) Dec 30, 2025
Temporal has an Incorrect Authorization vulnerability
Moderate
CVE-2025-14987 was published for go.temporal.io/server (Go) Dec 30, 2025
A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the...
Low
Unreviewed
CVE-2025-15126 was published Dec 28, 2025
A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the...
Low
Unreviewed
CVE-2025-15123 was published Dec 28, 2025
A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function...
Low
Unreviewed
CVE-2025-15124 was published Dec 28, 2025
A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function...
Low
Unreviewed
CVE-2025-15125 was published Dec 28, 2025
A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the...
Low
Unreviewed
CVE-2025-15120 was published Dec 28, 2025
A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function...
Low
Unreviewed
CVE-2025-15122 was published Dec 28, 2025
A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function...
Low
Unreviewed
CVE-2025-15119 was published Dec 28, 2025
Gitea mishandles authorization for deletion of releases
Moderate
CVE-2025-68938 was published for code.gitea.io/gitea (Go) Dec 26, 2025
Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources
Moderate
CVE-2025-68941 was published for code.gitea.io/gitea (Go) Dec 26, 2025
Gitea doesn't adequately enforce branch deletion permissions after merging a pull request.
Low
CVE-2025-68940 was published for code.gitea.io/gitea (Go) Dec 26, 2025
A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the...
Moderate
Unreviewed
CVE-2025-15085 was published Dec 25, 2025
Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler...
High
Unreviewed
CVE-2025-59683 was published Dec 25, 2025
Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP...
Moderate
Unreviewed
CVE-2025-66378 was published Dec 25, 2025
V-SOL GPON/EPON OLT Platform v2.03 contains a privilege escalation vulnerability that allows...
High
Unreviewed
CVE-2019-25237 was published Dec 24, 2025
ProTip! Advisories are also available from the GraphQL API