GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,867 advisories
Maho is Vulnerable to Authenticated Remote Code Execution via File Upload
High
CVE-2025-58449
was published
for
mahocommerce/maho
(Composer)
Sep 9, 2025
Mautic Vulnerable to User Enumeration via Response Timing
Moderate
CVE-2025-9824
was published
for
mautic/core
(Composer)
Sep 3, 2025
Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add
Moderate
CVE-2025-9823
was published
for
mautic/core
(Composer)
Sep 3, 2025
Mautic vulnerable to secret data extraction via elfinder
Moderate
CVE-2025-9822
was published
for
mautic/core
(Composer)
Sep 3, 2025
Mautic vulnerable to SSRF via webhook function
Low
CVE-2025-9821
was published
for
mautic/core
(Composer)
Sep 3, 2025
PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking
High
GHSA-fqqv-56h5-f57g
was published
for
pocketmine/pocketmine-mp
(Composer)
Sep 2, 2025
Contao does not properly manage privileges for page and article fields
Moderate
CVE-2025-57759
was published
for
contao/contao
(Composer)
Aug 28, 2025
Contao can disclose sensitive information in the news module
Moderate
CVE-2025-57757
was published
for
contao/contao
(Composer)
Aug 28, 2025
Contao discloses sensitive information in the front end search index
Moderate
CVE-2025-57756
was published
for
contao/contao
(Composer)
Aug 28, 2025
Craft CMS Potential Remote Code Execution via Twig SSTI
Moderate
CVE-2025-57811
was published
for
craftcms/cms
(Composer)
Aug 25, 2025
ProTip!
Advisories are also available from the
GraphQL API