Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,489
Maven
5,000+
npm
4,106
NuGet
735
pip
3,928
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,772 advisories

Loading
wp-svg-upload WordPress plugin vulnerable to Stored Cross-site Scripting Moderate
CVE-2024-11847 was published for digimix/wp-svg-upload (Composer) Mar 26, 2025
Rudloff
Duplicate Advisory: Leantime affected by Improper Neutralization of HTML Tags Moderate
GHSA-jf6p-4hgv-v6qh was published for leantime/leantime (Composer) Mar 28, 2025 withdrawn
ShopXO Vulnerable to Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) Moderate
CVE-2025-28094 was published for shopxo/shopxo (Composer) Mar 29, 2025
ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Image Upload Moderate
CVE-2025-28092 was published for shopxo/shopxo (Composer) Mar 29, 2025
ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Email Settings Moderate
CVE-2025-28093 was published for shopxo/shopxo (Composer) Mar 29, 2025
ConcreteCMS Cross-Site Scripting (XSS) via HTML Block Text Field Moderate
CVE-2025-2967 was published for concrete5/concrete5 (Composer) Mar 31, 2025
Drupal AI Missing Authorization vulnerability Moderate
CVE-2025-31678 was published for drupal/ai (Composer) Apr 1, 2025
Drupal Core Vulnerable to Forceful Browsing Moderate
CVE-2025-31673 was published for drupal/core (Composer) Apr 1, 2025
Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability Moderate
CVE-2025-31674 was published for drupal/core (Composer) Apr 1, 2025
Drupal AI Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2025-31677 was published for drupal/ai (Composer) Apr 1, 2025
Drupal Google Tag Cross-Site Request Forgery (CSRF) Moderate
CVE-2025-31683 was published for drupal/google_tag (Composer) Apr 1, 2025
Drupal Open Social Missing Authorization vulnerability Moderate
CVE-2025-31685 was published for goalgorilla/open_social (Composer) Apr 1, 2025
Drupal Google Tag Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-31682 was published for drupal/google_tag (Composer) Apr 1, 2025
Drupal General Data Protection Regulation Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2025-31689 was published for drupal/gdpr (Composer) Apr 1, 2025
Drupal Cache Utility Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2025-31690 was published for drupal/cache_utility (Composer) Apr 1, 2025
Drupal Ignition Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-31679 was published for drupal/ignition (Composer) Apr 1, 2025
Drupal AI Vulnerable to OS Command Injection Moderate
CVE-2025-31693 was published for drupal/ai (Composer) Apr 1, 2025
Drupal AI Vulnerable to OS Command Injection via Optional Automator Types Moderate
CVE-2025-31692 was published for drupal/ai (Composer) Apr 1, 2025
Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages Moderate
CVE-2025-3057 was published for drupal/core (Composer) Apr 1, 2025
Drupal Obfuscate Vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2025-3130 was published for drupal/obfuscate (Composer) Apr 3, 2025
Concrete CMS Vulnerable to Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Moderate
CVE-2025-3153 was published for concrete5/concrete5 (Composer) Apr 3, 2025
API Platform Core can leak exceptions message that may contain sensitive information Moderate
CVE-2023-47639 was published for api-platform/core (Composer) Apr 3, 2025
Shopware 6 allows attackers to check for registered accounts through the store-api Moderate
CVE-2025-30150 was published for shopware/core (Composer) Apr 8, 2025
niklaswolf
Shopware Broken ACL on Document retrieval to access other customers documents Moderate
GHSA-68wv-g3fw-pq7q was published for shopware/core (Composer) Apr 8, 2025
Joomla Framework Database Package Vulnerable to SQL Injection Moderate
CVE-2025-25226 was published for joomla/database (Composer) Apr 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database