Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,651
Maven
5,000+
npm
4,279
NuGet
760
pip
4,066
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,854 advisories

Loading
Magento Open Source affected by Improper Input Validation Moderate
CVE-2022-24093 was published for magento/community-edition (Composer) Sep 18, 2023
Magento Open Source allows Incorrect Authorization Moderate
CVE-2023-38209 was published for magento/community-edition (Composer) Aug 9, 2023
Magento Open Source affected by Improper Input Validation Moderate
CVE-2023-22248 was published for magento/community-edition (Composer) Jun 15, 2023
Magento Open Source allows Server-Side Request Forgery (SSRF) Moderate
CVE-2023-29292 was published for magento/community-edition (Composer) Jun 15, 2023
Magento Open Source allows Server-Side Request Forgery (SSRF) Moderate
CVE-2023-29291 was published for magento/community-edition (Composer) Jun 15, 2023
Magento Open Source allows Incorrect Authorization Moderate
CVE-2023-29290 was published for magento/community-edition (Composer) Jun 15, 2023
Magento Open Source allows XML Injection Moderate
CVE-2023-29289 was published for magento/community-edition (Composer) Jun 15, 2023
Magento Open Source allows Information Exposure Moderate
CVE-2023-29287 was published for magento/community-edition (Composer) Jun 15, 2023
Magento Open Source allows Incorrect Authorization Moderate
CVE-2023-29288 was published for magento/community-edition (Composer) Jun 15, 2023
Magento Open Source allows Improper Access Control Moderate
CVE-2022-35689 was published for magento/community-edition (Composer) Oct 15, 2022
Magento Open Source allows Improper Access Control Moderate
CVE-2023-22250 was published for magento/community-edition (Composer) Mar 27, 2023
Magento Open Source allows Incorrect Authorization Moderate
CVE-2023-22251 was published for magento/community-edition (Composer) Mar 27, 2023
Magento Open Source allows Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-39864 was published for magento/community-edition (Composer) May 24, 2022
Silverstripe Flash Clipboard Reflected XSS Moderate
CVE-2019-12205 was published for silverstripe/admin (Composer) May 24, 2022
maxime-rainville G-Rath
Credited to maxime-rainville and G-Rath
Magento Improper Access Control vulnerability Moderate
CVE-2025-24435 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24427 was published for magento/community-edition (Composer) Feb 11, 2025
Magento stored Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-24428 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24424 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Business Logic Error vulnerability Moderate
CVE-2025-24425 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Incorrect Authorization vulnerability Moderate
CVE-2025-24421 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Information Exposure vulnerability Moderate
CVE-2025-24408 was published for magento/community-edition (Composer) Feb 11, 2025
Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale Moderate
CVE-2025-22145 was published for nesbot/carbon (Composer) Jan 8, 2025
Moodle's feedback response viewing and deletions did not respect Separate Groups mode Moderate
CVE-2025-26526 was published for moodle/moodle (Composer) Feb 24, 2025
Moodle's non-searchable tags can still be discovered on the tag search page and in the tags block Moderate
CVE-2025-26527 was published for moodle/moodle (Composer) Feb 24, 2025
Leantime allows Cross-Site Request Forgery (CSRF) Moderate
GHSA-92xh-6x7v-4rmq was published for leantime/leantime (Composer) Feb 21, 2025
dead1nfluence
Credited to dead1nfluence
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database