Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,781 advisories

Loading
Librenms has a reflected XSS on error alert Moderate
CVE-2025-23201 was published for librenms/librenms (Composer) Jan 16, 2025
tCu0n9
LimeSurvey Cross Site Scripting vulnerability Moderate
CVE-2024-28709 was published for limesurvey/limesurvey (Composer) Oct 7, 2024
Pixelfed may allow unauthorized actor to view private posts and private users Moderate
CVE-2025-30741 was published for pixelfed/pixelfed (Composer) Mar 25, 2025
Subrion CMS vulnerable to Cross Site Scripting Moderate
CVE-2024-25399 was published for intelliants/subrion (Composer) Feb 27, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments Moderate
CVE-2024-34004 was published for moodle/moodle (Composer) May 31, 2024
Dolibarr ERP CRM Code Injection vulnerability during installation Moderate
CVE-2024-29477 was published for dolibarr/dolibarr (Composer) Apr 3, 2024
PHPExcel vulnerable to XXE attacks through libxml Moderate
CVE-2014-2054 was published for phpoffice/phpexcel (Composer) May 17, 2022
Duplicate Advisory: Leantime affected by Improper Neutralization of HTML Tags Moderate
GHSA-jf6p-4hgv-v6qh was published for leantime/leantime (Composer) Mar 28, 2025 withdrawn
Leantime affected by Improper Neutralization of HTML Tags Moderate
CVE-2025-28254 was published for leantime/leantime (Composer) Feb 21, 2025
cyber-brent hugo-guzman
ConcreteCMS Cross-Site Scripting (XSS) via HTML Block Text Field Moderate
CVE-2025-2967 was published for concrete5/concrete5 (Composer) Mar 31, 2025
ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Image Upload Moderate
CVE-2025-28092 was published for shopxo/shopxo (Composer) Mar 29, 2025
ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Email Settings Moderate
CVE-2025-28093 was published for shopxo/shopxo (Composer) Mar 29, 2025
ShopXO Vulnerable to Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) Moderate
CVE-2025-28094 was published for shopxo/shopxo (Composer) Mar 29, 2025
wp-svg-upload WordPress plugin vulnerable to Stored Cross-site Scripting Moderate
CVE-2024-11847 was published for digimix/wp-svg-upload (Composer) Mar 26, 2025
Rudloff
Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages Moderate
CVE-2025-3057 was published for drupal/core (Composer) Apr 1, 2025
Drupal AI Vulnerable to OS Command Injection via Optional Automator Types Moderate
CVE-2025-31692 was published for drupal/ai (Composer) Apr 1, 2025
Drupal Obfuscate Vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2025-3130 was published for drupal/obfuscate (Composer) Apr 3, 2025
API Platform Core can leak exceptions message that may contain sensitive information Moderate
CVE-2023-47639 was published for api-platform/core (Composer) Apr 3, 2025
Concrete CMS Vulnerable to Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Moderate
CVE-2025-3153 was published for concrete5/concrete5 (Composer) Apr 3, 2025
Shopware Broken ACL on Document retrieval to access other customers documents Moderate
GHSA-68wv-g3fw-pq7q was published for shopware/core (Composer) Apr 8, 2025
Joomla Framework Database Package Vulnerable to SQL Injection Moderate
CVE-2025-25226 was published for joomla/database (Composer) Apr 8, 2025
wallabag/wallabag Has Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities Moderate
GHSA-5pm7-cp8f-p2c2 was published for wallabag/wallabag (Composer) Apr 9, 2025
yguedidi
phpMyAdmin extension for TYPO3 has Cross-site Scripting vulnerability Moderate
CVE-2008-3032 was published for mehrwert/phpmyadmin (Composer) May 1, 2022
Joomla! allows attackers to access cached pages Moderate
CVE-2008-3226 was published for joomla/joomla-platform (Composer) May 1, 2022
Joomla! doesn't configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs Moderate
CVE-2008-3228 was published for joomla/joomla-platform (Composer) May 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database