GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,870 advisories
Craft CMS has a theoretical bypass for CVE-2025-23209
Moderate
CVE-2025-54417
was published
for
craftcms/cms
(Composer)
Aug 8, 2025
svg-sanitizer Bypasses Attribute Sanitization
Moderate
CVE-2025-55166
was published
for
enshrined/svg-sanitize
(Composer)
Aug 12, 2025
LibreNMS allows stored XSS in Alert Template name field
Moderate
CVE-2025-55296
was published
for
librenms/librenms
(Composer)
Aug 18, 2025
WP Crontrol Authenticated (Administrator+) plugin vulnerable to Blind Server-Side Request Forgery
Moderate
CVE-2025-8678
was published
for
johnbillion/wp-crontrol
(Composer)
Aug 19, 2025
UnoPim has Stored Cross-site Scripting vulnerability in user creation functionality
Moderate
CVE-2025-55742
was published
for
unopim/unopim
(Composer)
Aug 21, 2025
UnoPim vulnerable to remote code execution through Arbitrary File upload
High
CVE-2025-55743
was published
for
unopim/unopim
(Composer)
Aug 21, 2025
UnoPim vulnerable to CSRF on Product edit feature and creation of other types
Moderate
CVE-2025-55744
was published
for
unopim/unopim
(Composer)
Aug 21, 2025
UnoPim has Broken Access Control
High
CVE-2025-55741
was published
for
unopim/unopim
(Composer)
Aug 22, 2025
UnoPim has CSV Injection on Quick Export feature
Low
CVE-2025-55745
was published
for
unopim/unopim
(Composer)
Aug 22, 2025
Craft CMS Potential Remote Code Execution via Twig SSTI
Moderate
CVE-2025-57811
was published
for
craftcms/cms
(Composer)
Aug 25, 2025
Contao discloses sensitive information in the front end search index
Moderate
CVE-2025-57756
was published
for
contao/contao
(Composer)
Aug 28, 2025
Contao can disclose sensitive information in the news module
Moderate
CVE-2025-57757
was published
for
contao/contao
(Composer)
Aug 28, 2025
ProTip!
Advisories are also available from the
GraphQL API