Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,655
Maven
5,000+
npm
4,284
NuGet
760
pip
4,067
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,854 advisories

Loading
TCPDF Cross-site Scripting vulnerability Moderate
CVE-2024-32489 was published for tecnickcom/tcpdf (Composer) Apr 15, 2024
TCPDF Local File Inclusion vulnerability Moderate
CVE-2024-51058 was published for tecnickcom/tcpdf (Composer) Nov 26, 2024
TCPDF lacks SVG sanitization Moderate
CVE-2024-56519 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
phpMyAdmin XSS when checking tables Moderate
CVE-2025-24530 was published for phpmyadmin/phpmyadmin (Composer) Jan 23, 2025
Shopware race condition bypasses voucher restrictions Moderate
CVE-2025-7954 was published for shopware/platform (Composer) Aug 6, 2025
tecnickcom/tc-lib-pdf-font mishandles fonts Moderate
CVE-2024-56520 was published for tecnickcom/tc-lib-pdf-font (Composer) Dec 27, 2024
TCPDF missing character escape on error messages Moderate
CVE-2024-56527 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
Smarty Cross-site Scripting vulnerability in pages that use smarty_function_mailto Moderate
CVE-2018-25047 was published for smarty/smarty (Composer) Sep 16, 2022
MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length Moderate
CVE-2025-46556 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
TheAmazeng dregad
Credited to TheAmazeng and dregad
MediaWiki UnlinkedWikibase Cross-site Scripting vulnerability Moderate
CVE-2024-34500 was published for samwilson/unlinked-wikibase (Composer) May 5, 2024
R4356th
Credited to R4356th
Duplicate Advisory: Pimcore Authenticated Stored Cross-Site Scripting (XSS) Via Search Document Moderate
GHSA-8m2r-x2m2-3wmw was published for pimcore/pimcore (Composer) Jan 28, 2025 withdrawn
TCPDF vulnerable to Regular Expression Denial of Service Moderate
CVE-2024-22640 was published for tecnickcom/tcpdf (Composer) Apr 19, 2024
Starfox64
Credited to Starfox64
MantisBT lacks verification when changing a user's email address Moderate
CVE-2025-55155 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
ncrcs dregad
Credited to ncrcs and dregad
Magento Improper Authorization vulnerability Moderate
CVE-2024-39407 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization vulnerability Moderate
CVE-2024-39413 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization vulnerability Moderate
CVE-2024-39418 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization vulnerability Moderate
CVE-2024-39404 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization vulnerability Moderate
CVE-2024-39405 was published for magento/community-edition (Composer) Aug 14, 2024
Magento affected by a business logic error in the placeOrder graphql mutation Moderate
CVE-2021-36012 was published for magento/community-edition (Composer) May 24, 2022
Magento stored cross-site scripting vulnerability Moderate
CVE-2021-36027 was published for magento/community-edition (Composer) May 24, 2022
Magento stored cross-site scripting vulnerability in the customer address upload feature Moderate
CVE-2021-36026 was published for magento/community-edition (Composer) May 24, 2022
OpenMage vulnerable to XSS in Admin Notifications Moderate
CVE-2025-64174 was published for openmage/magento-lts (Composer) Nov 3, 2025
Judx
Credited to Judx
Magento discloses sensitive information Moderate
CVE-2021-36039 was published for magento/community-edition (Composer) May 24, 2022
Magento is affected by an improper authorization vulnerability Moderate
CVE-2021-36037 was published for magento/community-edition (Composer) May 24, 2022
Magento discloses sensitive information via the Multishipping Module Moderate
CVE-2021-36038 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database