GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,870 advisories
Joomla CMS Multi-Factor Authentication Bypass
High severity. CVE-2025-25227 was published for joomla/joomla-cms (Composer) on Apr 8, 2025.

Shopware allows Denial Of Service via password length
High severity. CVE-2025-30151 was published for shopware/core (Composer) on Apr 8, 2025.

Shopware Broken ACL on Document retrieval to access other customers documents
Moderate severity. GHSA-68wv-g3fw-pq7q was published for shopware/core (Composer) on Apr 8, 2025.

Pimcore's Admin Classic Bundle allows HTML Injection
Low severity. CVE-2025-30166 was published for pimcore/admin-ui-classic-bundle (Composer) on Apr 8, 2025.

Browsershot Server-Side Request Forgery (SSRF) via setURL() Function
High severity. CVE-2025-3192 was published for spatie/browsershot (Composer) on Apr 4, 2025.

Concrete CMS Vulnerable to Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS)
Moderate severity. CVE-2025-3153 was published for concrete5/concrete5 (Composer) on Apr 3, 2025.

TYPO3 Reveals Sensitive Information via Direct Request to `misc/phpcheck/`
High severity. CVE-2005-4875 was published for typo3/cms (Composer) on May 1, 2022.

API Platform Core can leak exceptions message that may contain sensitive information
Moderate severity. CVE-2023-47639 was published for api-platform/core (Composer) on Apr 3, 2025.

Drupal Obfuscate Vulnerable to Stored Cross-Site Scripting (XSS)
Moderate severity. CVE-2025-3130 was published for drupal/obfuscate (Composer) on Apr 3, 2025.

Command injection in yiisoft/yii2-gii
High severity. CVE-2020-36655 was published for yiisoft/yii2-gii (Composer) on Jan 21, 2023.

Drupal AI Vulnerable to OS Command Injection via Optional Automator Types
Moderate severity. CVE-2025-31692 was published for drupal/ai (Composer) on Apr 1, 2025.

Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages
Moderate severity. CVE-2025-3057 was published for drupal/core (Composer) on Apr 1, 2025.

wp-svg-upload WordPress plugin vulnerable to Stored Cross-site Scripting
Moderate severity. CVE-2024-11847 was published for digimix/wp-svg-upload (Composer) on Mar 26, 2025.

Yeswiki Path Traversal vulnerability allows arbitrary read of files
High severity. CVE-2025-31131 was published for yeswiki/yeswiki (Composer) on Apr 1, 2025.

ShopXO Vulnerable to Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS)
Moderate severity. CVE-2025-28094 was published for shopxo/shopxo (Composer) on Mar 29, 2025.

ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Email Settings
Moderate severity. CVE-2025-28093 was published for shopxo/shopxo (Composer) on Mar 29, 2025.

ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Image Upload
Moderate severity. CVE-2025-28092 was published for shopxo/shopxo (Composer) on Mar 29, 2025.

ConcreteCMS Cross-Site Scripting (XSS) via HTML Block Text Field
Moderate severity. CVE-2025-2967 was published for concrete5/concrete5 (Composer) on Mar 31, 2025.

Leantime affected by Improper Neutralization of HTML Tags
Moderate severity. CVE-2025-28254 was published for leantime/leantime (Composer) on Feb 21, 2025.

Duplicate Advisory: Leantime affected by Improper Neutralization of HTML Tags
Moderate severity. GHSA-jf6p-4hgv-v6qh was published for leantime/leantime (Composer) on Mar 28, 2025. Withdrawn.

PHPExcel vulnerable to XXE attacks through libxml
Moderate severity. CVE-2014-2054 was published for phpoffice/phpexcel (Composer) on May 17, 2022.

Zenario uses Twig filters insecurely in the Twig Snippet plugin
Critical severity. CVE-2024-34461 was published for tribalsystems/zenario (Composer) on May 4, 2024.

Dolibarr ERP CRM Code Injection vulnerability during installation
Moderate severity. CVE-2024-29477 was published for dolibarr/dolibarr (Composer) on Apr 3, 2024.

Symfony vulnerable to command execution hijack on Windows with Process class
High severity. CVE-2024-51736 was published for symfony/process (Composer) on Nov 6, 2024.
ProTip! Advisories are also available from the GraphQL API.