Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,121
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,870 advisories

Loading
starcitizentools/citizen-skin allows stored XSS in user registration date message Moderate
CVE-2025-49578 was published for starcitizentools/citizen-skin (Composer) Jun 13, 2025
SomeMWDev
Ibexa eZ Platform Admin UI XSS vulnerabilities in back office Moderate
GHSA-r7pm-mw8g-p7px was published for ezsystems/ezplatform-admin-ui (Composer) Jun 13, 2025
Ibexa eZ Platform Admin UI assets XSS vulnerabilities in back office Moderate
GHSA-r5rx-53g9-25rj was published for ezsystems/ezplatform-admin-ui-assets (Composer) Jun 13, 2025
Ibexa Admin UI assets XSS vulnerabilities in back office Moderate
GHSA-vhgq-r8gx-5fpv was published for ibexa/admin-ui-assets (Composer) Jun 13, 2025
Ibexa Admin UI XSS vulnerabilities in back office Moderate
GHSA-5r6x-g6jv-4v87 was published for ibexa/admin-ui (Composer) Jun 13, 2025
Ibexa RichText Field Type XSS vulnerabilities in back office Moderate
GHSA-9qv6-4pwm-m68f was published for ibexa/fieldtype-richtext (Composer) Jun 13, 2025
Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization Critical
CVE-2025-49113 was published for roundcube/roundcubemail (Composer) Jun 2, 2025
Malayke
Redaxo Core CMS Cross Site Scripting (XSS) Moderate
CVE-2024-50803 was published for redaxo/source (Composer) Nov 19, 2024
handcraftedinthealps/goodby-csv has Potential Gadget Chain allowing Remote Code Execution Low
CVE-2025-49597 was published for handcraftedinthealps/goodby-csv (Composer) Jun 13, 2025
mcdruid
CodeIgniter Session Fixation Vulnerability Critical
CVE-2018-12071 was published for codeigniter/framework (Composer) May 14, 2022
Cross-site Scripting in Bagisto Moderate
CVE-2023-36236 was published for bagisto/bagisto (Composer) Jan 17, 2024
juzaweb CMS allows cross-site scripting by uploading an SVG file Moderate
CVE-2025-5420 was published for juzaweb/cms (Composer) Jun 2, 2025
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution Critical
CVE-2025-49132 was published for pterodactyl/panel (Composer) Jun 19, 2025
azimoff337
GeSHi XSS possible in the get_var function of /contrib/cssgen.php Moderate
CVE-2025-2123 was published for geshi/geshi (Composer) Mar 9, 2025
Magneto contains stored XSS vulnerability Critical
CVE-2025-47110 was published for magento/community-edition (Composer) Jun 10, 2025
Moodle Session Fixation allows unauthenticated users to hijack sessions via sesskey parameter Moderate
CVE-2025-53021 was published for moodle/moodle (Composer) Jun 24, 2025
TabberNeue vulnerable to Stored XSS through wikitext High
CVE-2025-53093 was published for starcitizentools/tabber-neue (Composer) Jun 27, 2025
SomeMWDev
raspap-webgui has a Directory Traversal vulnerability High
CVE-2025-44163 was published for billz/raspap-webgui (Composer) Jun 27, 2025
Withdrawn Advisory: Daylight Studio FUEL-CMS SQLi Vulnerability High
CVE-2020-24950 was published for codeigniter/framework (Composer) Aug 11, 2023 withdrawn
Microweber CMS API has authenticated local file inclusion vulnerability Moderate
CVE-2025-34076 was published for microweber/microweber (Composer) Jul 2, 2025
Citizen Short Description stored XSS vulnerability through wikitext High
CVE-2025-53369 was published for starcitizentools/short-description (Composer) Jul 3, 2025
SomeMWDev
starcitizentools/citizen-skin is vulnerable to Stored XSS attack in the legacy search bar through page descriptions High
CVE-2025-53368 was published for starcitizentools/citizen-skin (Composer) Jul 3, 2025
SomeMWDev
Citizen vulnerable to Stored XSS through short descriptions High
CVE-2025-53370 was published for starcitizentools/citizen-skin (Composer) Jul 3, 2025
SomeMWDev
Cockpit - Content Platform vulnerable to XSS through name or email argument names Moderate
CVE-2025-7053 was published for cockpit-hq/cockpit (Composer) Jul 4, 2025
Bolt CMS vulnerable to authenticated remote code execution High
CVE-2025-34086 was published for bolt/bolt (Composer) Jul 3, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database