Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,646
Maven
5,000+
npm
4,273
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,852 advisories

Loading
TCPDF Local File Inclusion vulnerability Moderate
CVE-2024-51058 was published for tecnickcom/tcpdf (Composer) Nov 26, 2024
TCPDF Cross-site Scripting vulnerability Moderate
CVE-2024-32489 was published for tecnickcom/tcpdf (Composer) Apr 15, 2024
MongoDB Driver may publish events containing authentication-related data Moderate
CVE-2021-32050 was published for github.com/mongodb/mongo-swift-driver (Composer) Aug 29, 2023
Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite Moderate
CVE-2025-27794 was published for flarum/core (Composer) Mar 12, 2025
novacuum imorland
exside
Credited to novacuum, imorland, and exside
Drupal JSON Field is vulnerable to XSS Moderate
CVE-2025-10926 was published for drupal/json_field (Composer) Oct 30, 2025
Drupal Plausible tracking is vulnerable to XSS Moderate
CVE-2025-10927 was published for drupal/plausible_tracking (Composer) Oct 30, 2025
Drupal CivicTheme Design System allows Cross-Site Scripting (XSS) Moderate
CVE-2025-12083 was published for drupal/civictheme (Composer) Oct 30, 2025
Drupal Currency allows Cross Site Request Forgery Moderate
CVE-2025-10930 was published for drupal/currency (Composer) Oct 30, 2025
Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables Moderate
CVE-2025-10929 was published for drupal/reverse_proxy_header (Composer) Oct 30, 2025
Drupal Access code allows Brute Force Attempts Moderate
CVE-2025-10928 was published for drupal/access_code (Composer) Oct 30, 2025
PrivateBin is missing HTML sanitization of attached filename in file size hint Moderate
CVE-2025-62796 was published for privatebin/privatebin (Composer) Oct 28, 2025
Sharp user-provided input can be evaluated in a SharpShowTextField with Vue template syntax Moderate
CVE-2025-62798 was published for code16/sharp (Composer) Oct 29, 2025
robyfirnandoyusuf aguingand
Credited to robyfirnandoyusuf and aguingand
ProcessWire CMS vulnerable to resource-exhaustion Denial of Service Moderate
CVE-2025-60790 was published for processwire/processwire (Composer) Oct 21, 2025
Moodle course access permissions are not properly checked in course_output_fragment_course_overview Moderate
CVE-2025-62393 was published for moodle/moodle (Composer) Oct 23, 2025
Moodle sends quiz-related messages to inactive/suspended users Moderate
CVE-2025-62394 was published for moodle/moodle (Composer) Oct 23, 2025
Moodle exposed the names of hidden groups to users Moderate
CVE-2025-62400 was published for moodle/moodle (Composer) Oct 23, 2025
Moodle has a time restriction bypass Moderate
CVE-2025-62401 was published for moodle/moodle (Composer) Oct 23, 2025
Moodle's error handling leads to sensitive information disclosure Moderate
CVE-2025-62396 was published for moodle/moodle (Composer) Oct 23, 2025
Moodle does not properly enforce MFA Moderate
CVE-2025-62398 was published for moodle/moodle (Composer) Oct 23, 2025
Magento Improper Access Control Leads to Privilege escalation Moderate
CVE-2024-39419 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization leads to Security feature bypass Moderate
CVE-2024-39417 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization leads to Security feature bypass Moderate
CVE-2024-39416 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization Leading to Security feature bypass Moderate
CVE-2024-39415 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Access Control Leads to Privilege escalation Moderate
CVE-2024-39414 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Improper Authorization leads to security feature bypass Moderate
CVE-2024-39411 was published for magento/community-edition (Composer) Aug 14, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database