Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,866
Erlang
36
GitHub Actions
36
Go
2,491
Maven
5,000+
npm
4,110
NuGet
735
pip
3,933
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,780 advisories

Loading
Moodle Cross-site Scripting (XSS) Moderate
CVE-2024-33998 was published for moodle/moodle (Composer) May 31, 2024
AnonySE26
Moodle Cross-site Scripting (XSS) Moderate
CVE-2024-34000 was published for moodle/moodle (Composer) May 31, 2024
AnonySE26
Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency Moderate
CVE-2024-28859 was published for friendsofsymfony1/swiftmailer (Composer) Mar 18, 2024
darkpills
tarteaucitron-wp WordPress Plugin Vulnerable to Stored Cross-Site Scripting Moderate
CVE-2024-11718 was published for couleurcitron/tarteaucitron-wp (Composer) May 15, 2025
Rudloff
TYPO3 Allows Unrestricted File Upload in File Abstraction Layer Moderate
CVE-2025-47939 was published for typo3/cms-core (Composer) May 20, 2025
0xHamy ohader
TYPO3 Indexed Search Module vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-55923 was published for typo3/cms-indexed-search (Composer) Jan 14, 2025
TYPO3 Form Framework Module vulnerable to Cross-Site Request Forgery Moderate
CVE-2024-55922 was published for typo3/cms-form (Composer) Jan 14, 2025
TYPO3 Cross-Site Request Forgery in Dashboard Module Moderate
CVE-2024-55920 was published for typo3/cms-dashboard (Composer) Jan 14, 2025
[clickstorm] SEO (cs_seo) TYPO3 extension Cross-site Scripting (XSS) vulnerability Moderate
CVE-2025-48203 was published for clickstorm/cs-seo (Composer) May 21, 2025
The femanager TYPO3 extension allows Insecure Direct Object Reference Moderate
CVE-2025-48202 was published for in2code/femanager (Composer) May 21, 2025
reint_downloadmanager TYPO3 Extension is susceptible to Insecure Direct Object Reference Moderate
CVE-2025-48207 was published for renolit/reint-downloadmanager (Composer) May 21, 2025
The Backup Plus extension for TYPO3 (ns_backup) allows command injections Moderate
CVE-2025-48204 was published for nitsan/ns-backup (Composer) May 21, 2025
TYPO3 Potential Open Redirect via Parsing Differences Moderate
CVE-2024-55892 was published for typo3/cms-core (Composer) Jan 14, 2025
zer0yu
Moodle context freezing Moderate
CVE-2019-3852 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131 decsecre583
Moodle sensitive information disclosure Moderate
CVE-2015-5340 was published for moodle/moodle (Composer) May 13, 2022
decsecre583
Mautic does not shield .env files from web traffic Moderate
CVE-2024-47056 was published for mautic/core (Composer) May 28, 2025
r3ky lenonleite
nick-vanpraet patrykgruszka
Mautic's Predictable Page Indexing Might Lead to Sensitive Data Exposure Moderate
CVE-2025-5257 was published for mautic/core (Composer) May 28, 2025
Mautic allows user name enumeration due to response time difference on password reset form Moderate
CVE-2024-47057 was published for mautic/core (Composer) May 28, 2025
patrykgruszka nick-vanpraet
Mautic segment cloning doesn't have a proper permission check Moderate
CVE-2024-47055 was published for mautic/core (Composer) May 28, 2025
abhisekmazumdar patrykgruszka
nick-vanpraet
Craft CMS stores arbitrary content provided by unauthenticated users in session files Moderate
CVE-2025-35939 was published for craftcms/cms (Composer) May 8, 2025
Mautic has an Open Redirect vulnerability on user unlock path. Moderate
CVE-2025-5256 was published for mautic/core (Composer) May 28, 2025
tomekkowalczyk patrykgruszka
nick-vanpraet
MantisBT unauthorized users able to access private files Moderate
CVE-2020-25781 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT cross-site scripting (XSS) vulnerability through crafted PATH_INFO Moderate
CVE-2018-16514 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT allows cross-site scripting (XSS) via crafted filename Moderate
CVE-2019-15074 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT XSS when uploading an attachment Moderate
CVE-2019-15539 was published for mantisbt/mantisbt (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database