Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,651
Maven
5,000+
npm
4,279
NuGet
760
pip
4,066
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,854 advisories

Loading
API Platform Core does not call GraphQl securityAfterResolver Moderate
CVE-2025-23204 was published for api-platform/core (Composer) Mar 24, 2025
soyuka vinceAmstoutz
ausi
Credited to soyuka, vinceAmstoutz, and ausi
Remote code execution in alextselegidis/easyappointments Moderate
CVE-2024-57601 was published for alextselegidis/easyappointments (Composer) Feb 13, 2025
Cross-site Scripting in thorsten/phpmyfaq Moderate
CVE-2023-0791 was published for thorsten/phpmyfaq (Composer) Feb 12, 2023
Cross-site Scripting in thorsten/phpmyfaq Moderate
CVE-2023-0794 was published for thorsten/phpmyfaq (Composer) Feb 12, 2023
TastyIgniter Has an Incorrect Access Control Vulnerability Moderate
CVE-2024-44314 was published for tastyigniter/tastyigniter (Composer) Mar 18, 2025
Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin Moderate
CVE-2023-25727 was published for phpmyadmin/phpmyadmin (Composer) Feb 13, 2023
MarkLee131
Credited to MarkLee131
Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout Moderate
CVE-2025-30152 was published for sylius/paypal-plugin (Composer) Mar 19, 2025
Contao Vulnerable to Cross-Site Scripting (XSS) through SVG uploads Moderate
CVE-2025-29790 was published for contao/core-bundle (Composer) Mar 18, 2025
Cross-site scripting (XSS) vulnerability in Description metadata Moderate
CVE-2024-37160 was published for getformwork/formwork (Composer) Jun 7, 2024
Kyokito1412
Credited to Kyokito1412
Clickstorm SEO Allows Cross-Site Scripting (XSS) Moderate
CVE-2025-30081 was published for clickstorm/cs-seo (Composer) Mar 19, 2025
Additional TCA Allows Cross-Site Scripting (XSS) Moderate
CVE-2025-30083 was published for codingms/additional-tca (Composer) Mar 19, 2025
Sylius PayPal Plugin Payment Amount Manipulation Vulnerability Moderate
CVE-2025-29788 was published for sylius/paypal-plugin (Composer) Mar 17, 2025
migo315
Credited to migo315
Formwork has a cross-site scripting (XSS) vulnerability in Site title Moderate
GHSA-vf6x-59hh-332f was published for getformwork/formwork (Composer) Mar 1, 2025
Kyokito1412
Credited to Kyokito1412
TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc) Moderate
CVE-2025-24856 was published for causal/oidc (Composer) Jan 28, 2025
Laravel framework susceptible to reflected cross-site scripting Moderate
CVE-2024-13919 was published for laravel/framework (Composer) Mar 10, 2025
Froala WYSIWYG editor allows cross-site scripting (XSS) Moderate
CVE-2024-51434 was published for froala-editor (Composer) Nov 8, 2024
cdupuis
Credited to cdupuis
Froala Editor Cross-site Scripting vulnerability Moderate
CVE-2023-41592 was published for froala-editor (Composer) Sep 15, 2023
eoftedal cdupuis
Credited to eoftedal and cdupuis
Froxlor allows Multiple Accounts to Share the Same Email Address Leading to Potential Privilege Escalation or Account Takeover Moderate
CVE-2025-29773 was published for froxlor/froxlor (Composer) Mar 11, 2025
halas98
Credited to halas98
Laravel has a File Validation Bypass Moderate
CVE-2025-27515 was published for laravel/framework (Composer) Mar 5, 2025
Jusb3 TrixterTheTux
tcytra
Credited to Jusb3, TrixterTheTux, and tcytra
laravel-crud-wizard-free has File Validation Bypass Moderate
GHSA-3wgq-h4fr-cwg5 was published for macropay-solutions/laravel-crud-wizard-free (Composer) Mar 12, 2025
Pimcore Vulnerable to SQL Injection in getRelationFilterCondition Moderate
CVE-2025-27617 was published for pimcore/pimcore (Composer) Mar 11, 2025
cancan101
Credited to cancan101
Laravel framework susceptible to reflected cross-site scripting Moderate
CVE-2024-13918 was published for laravel/framework (Composer) Mar 10, 2025
DmitriyLewen xaldama
kalidor
Credited to DmitriyLewen, xaldama, and kalidor
Concrete CMS affected by a stored XSS in Folder Function.The "Add Folder" functionality Moderate
CVE-2025-0660 was published for concrete5/concrete5 (Composer) Mar 10, 2025
PocketMine-MP allows malicious client data to waste server resources due to lack of limits for explode() Moderate
GHSA-g274-c6jj-h78p was published for pocketmine/pocketmine-mp (Composer) Mar 10, 2025
PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters Moderate
CVE-2025-23210 was published for phpoffice/phpexcel (Composer) Feb 3, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database