Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,651
Maven
5,000+
npm
4,279
NuGet
760
pip
4,066
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,328 advisories

Loading
Soosyze CMS's /user/login endpoint missing rate-limiting and lockout mechanisms High
CVE-2025-52392 was published for soosyze/soosyze (Composer) Aug 13, 2025
Magento Cross-site Scripting vulnerability High
CVE-2025-49557 was published for magento/community-edition (Composer) Aug 12, 2025
Magento has incorrect authorization issue that leads to arbitrary file system read High
CVE-2025-49556 was published for magento/community-edition (Composer) Aug 12, 2025
Magento vulnerable to denial of service High
CVE-2025-49554 was published for magento/community-edition (Composer) Aug 12, 2025
Magento Cross-Site Request Forgery (CSRF) vulnerability High
CVE-2025-49555 was published for magento/community-edition (Composer) Aug 12, 2025
Bacula-web SQL Injection Vulnerability High
CVE-2025-45346 was published for bacula-web/bacula-web (Composer) Jul 29, 2025
z-push/z-push-dev SQL Injection Vulnerability High
CVE-2025-8264 was published for z-push/z-push-dev (Composer) Jul 29, 2025
HAX CMS API Lacks Authorization Checks High
CVE-2025-54378 was published for @haxtheweb/haxcms-nodejs (Composer) Jul 25, 2025
lfgberg
Credited to lfgberg
LibreNMS has Authenticated Remote File Inclusion in ajax_form.php that Allows RCE High
CVE-2025-54138 was published for librenms/librenms (Composer) Jul 21, 2025
skraft9
Credited to skraft9
Dolibarr has Remote Code Execution Vulnerability (Bypass) High
GHSA-49xw-hw94-fmv2 was published for dolibarr/dolibarr (Composer) Jul 21, 2025
wh0amitz
Credited to wh0amitz
DynamicPageList3 vulnerability exposes hidden/suppressed usernames High
CVE-2025-53625 was published for universal-omega/dynamic-page-list3 (Composer) Jul 10, 2025
Markus-Rost Universal-Omega
Credited to Markus-Rost and Universal-Omega
Citizen Short Description stored XSS vulnerability through wikitext High
CVE-2025-53369 was published for starcitizentools/short-description (Composer) Jul 3, 2025
SomeMWDev
Credited to SomeMWDev
Bolt CMS vulnerable to authenticated remote code execution High
CVE-2025-34086 was published for bolt/bolt (Composer) Jul 3, 2025
Citizen vulnerable to Stored XSS through short descriptions High
CVE-2025-53370 was published for starcitizentools/citizen-skin (Composer) Jul 3, 2025
SomeMWDev
Credited to SomeMWDev
starcitizentools/citizen-skin is vulnerable to Stored XSS attack in the legacy search bar through page descriptions High
CVE-2025-53368 was published for starcitizentools/citizen-skin (Composer) Jul 3, 2025
SomeMWDev
Credited to SomeMWDev
TabberNeue vulnerable to Stored XSS through wikitext High
CVE-2025-53093 was published for starcitizentools/tabber-neue (Composer) Jun 27, 2025
SomeMWDev
Credited to SomeMWDev
raspap-webgui has a Directory Traversal vulnerability High
CVE-2025-44163 was published for billz/raspap-webgui (Composer) Jun 27, 2025
Drupal Admin Audit Trail Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2025-48448 was published for drupal/admin_audit_trail (Composer) Jun 11, 2025
Drupal Commerce Alphabank Redirect Incorrect Authorization vulnerability High
CVE-2025-48446 was published for drupal/commerce_alphabank_redirect (Composer) Jun 11, 2025
Drupal Commerce Eurobank (Redirect) Incorrect Authorization vulnerability High
CVE-2025-48445 was published for drupal/commerce_eurobank_redirect (Composer) Jun 11, 2025
Magento Improper Authorization leading to security feature bypass High
CVE-2025-43585 was published for magento/community-edition (Composer) Jun 10, 2025
Hax CMS Stored Cross-Site Scripting vulnerability High
CVE-2025-49137 was published for elmsln/haxcms (Composer) Jun 9, 2025
lfgberg asareynolds
Credited to lfgberg and asareynolds
PHPOffice Math allows XXE when processing an XML file in the MathML format High
CVE-2025-48882 was published for phpoffice/math (Composer) May 29, 2025
The Backup Plus extension for TYPO3 (ns_backup) has a Predictable Resource Location High
CVE-2025-48201 was published for nitsan/ns-backup (Composer) May 21, 2025
The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference High
CVE-2025-48205 was published for sjbr/sr-feuser-register (Composer) May 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database