GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
5,013 advisories
TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter
High
CVE-2025-64519
was published
for
torrentpier/torrentpier
(Composer)
Nov 10, 2025
pimcore/admin-ui-classic-bundle Unverified Password Change
Moderate
CVE-2023-5844
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Oct 31, 2023
PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal
Moderate
CVE-2025-64714
was published
for
privatebin/privatebin
(Composer)
Nov 14, 2025
PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users
Low
CVE-2025-64711
was published
for
privatebin/privatebin
(Composer)
Nov 14, 2025
Shopware 6's password recovery link does not expire after email change
Moderate
GHSA-2w46-vq8h-98vh
was published
for
shopware/core
(Composer)
Nov 14, 2025
MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling
High
CVE-2025-47776
was published
for
mantisbt/mantisbt
(Composer)
Nov 3, 2025
MantisBT unauthorized disclosure of private project column configuration
Moderate
CVE-2025-62520
was published
for
mantisbt/mantisbt
(Composer)
Nov 3, 2025
Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass
High
CVE-2025-64500
was published
for
symfony/http-foundation
(Composer)
Nov 12, 2025
phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality
High
CVE-2025-62519
was published
for
phpmyfaq/phpmyfaq
(Composer)
Nov 17, 2025
ProTip!
Advisories are also available from the
GraphQL API