Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,866
Erlang
36
GitHub Actions
36
Go
2,491
Maven
5,000+
npm
4,109
NuGet
735
pip
3,933
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,780 advisories

Loading
WP Crontrol Authenticated (Administrator+) plugin vulnerable to Blind Server-Side Request Forgery Moderate
CVE-2025-8678 was published for johnbillion/wp-crontrol (Composer) Aug 19, 2025
jFriedli
LibreNMS allows stored XSS in Alert Template name field Moderate
CVE-2025-55296 was published for librenms/librenms (Composer) Aug 18, 2025
at4111
thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames Moderate
CVE-2024-55889 was published for thorsten/phpmyfaq (Composer) Dec 13, 2024
geo-chen
phpMyFAQ Vulnerable to Stored HTML Injection at FAQ Moderate
CVE-2024-56199 was published for phpmyfaq/phpmyfaq (Composer) Jan 2, 2025
geo-chen
svg-sanitizer Bypasses Attribute Sanitization Moderate
CVE-2025-55166 was published for enshrined/svg-sanitize (Composer) Aug 12, 2025
ohader realazizk
Bagist Cross-site Scripting vulnerability Moderate
CVE-2024-27499 was published for bagisto/bagisto (Composer) Mar 1, 2024
MantisBT may disclose project names to unauthorized users Moderate
CVE-2023-44394 was published for mantisbt/mantisbt (Composer) Oct 17, 2023
Craft CMS has a theoretical bypass for CVE-2025-23209 Moderate
CVE-2025-54417 was published for craftcms/cms (Composer) Aug 8, 2025
angrybrad timkelty
segfault-it
Shopware race condition bypasses voucher restrictions Moderate
CVE-2025-7954 was published for shopware/platform (Composer) Aug 6, 2025
Concrete CMS vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page Moderate
CVE-2025-8571 was published for concrete5/concrete5 (Composer) Aug 6, 2025
FPDI allows Memory Exhaustion (OOM) in PDF Parser which leads to Denial of Service Moderate
CVE-2025-54869 was published for setasign/fpdi (Composer) Aug 5, 2025
N0zoM1z0
Microweber XSS Vulnerability in the homepage Endpoint Moderate
CVE-2025-51504 was published for microweber/microweber (Composer) Aug 1, 2025
Microweber has Reflected XSS Vulnerability in the layout Parameter Moderate
CVE-2025-51502 was published for microweber/microweber (Composer) Aug 1, 2025
Microweber has Reflected XSS Vulnerability in the id Parameter Moderate
CVE-2025-51501 was published for microweber/microweber (Composer) Aug 1, 2025
Withdrawn Advisory: CodeIgniter4 Cross-Site Scripting Vulnerability in debugbar_time Parameter Moderate
CVE-2025-45406 was published for codeigniter4/framework (Composer) Jul 25, 2025 withdrawn
michalsn
HAX CMS application pages vulnerable to clickjacking Moderate
CVE-2025-54139 was published for @haxtheweb/haxcms-nodejs (Composer) Jul 21, 2025
lfgberg odransfield
pubnub Insufficient Entropy vulnerability Moderate
CVE-2023-26154 was published for Pubnub (RubyGems) Dec 6, 2023
Femanager extension for TYPO3 allows Insecure Direct Object Reference Moderate
CVE-2025-7900 was published for in2code/femanager (Composer) Jul 22, 2025
Powermail extension for TYPO3 allows Insecure Direct Object Reference Moderate
CVE-2025-7899 was published for in2code/powermail (Composer) Jul 22, 2025
Filemanager is vulnerable to Relative Path Traversal through filemanager.php Moderate
CVE-2025-46002 was published for simogeo/filemanager (Composer) Jul 18, 2025
MODX Revolution vulnerable to XSS attack through its User Photo field Moderate
CVE-2018-20755 was published for modx/revolution (Composer) May 14, 2022
MODX Revolution allows XSS via document resources Moderate
CVE-2018-20756 was published for modx/revolution (Composer) May 14, 2022
MODX Revolution allows XSS through extended user fields Moderate
CVE-2018-20757 was published for modx/revolution (Composer) May 14, 2022
phpThumb is vulnerable to Command Injection through its gif_outputAsJpeg function Moderate
CVE-2025-52994 was published for james-heinrich/phpthumb (Composer) Jul 11, 2025
MODX vulnerability allows for XSS via user settings parameters Moderate
CVE-2018-20758 was published for modx/revolution (Composer) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database