GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
2,780 advisories
starcitizentools/citizen-skin allows stored XSS in preference menu heading messages
Moderate
CVE-2025-49577
was published
for
starcitizentools/citizen-skin
(Composer)
Jun 13, 2025
starcitizentools/citizen-skin allows stored XSS in search no result messages
Moderate
CVE-2025-49576
was published
for
starcitizentools/citizen-skin
(Composer)
Jun 13, 2025
Citizen skin vulnerable to stored XSS through multiple system messages
Moderate
CVE-2025-49575
was published
for
starcitizentools/citizen-skin
(Composer)
Jun 11, 2025
HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter
Moderate
CVE-2025-49138
was published
for
elmsln/haxcms
(Composer)
Jun 9, 2025
Yii 2 Redis may expose AUTH parameters in logs in case of connection failure
Moderate
CVE-2025-48493
was published
for
yiisoft/yii2-redis
(Composer)
Jun 5, 2025
Mautic has an Open Redirect vulnerability on user unlock path.
Moderate
CVE-2025-5256
was published
for
mautic/core
(Composer)
May 28, 2025
Mautic segment cloning doesn't have a proper permission check
Moderate
CVE-2024-47055
was published
for
mautic/core
(Composer)
May 28, 2025
Mautic allows user name enumeration due to response time difference on password reset form
Moderate
CVE-2024-47057
was published
for
mautic/core
(Composer)
May 28, 2025
Mautic does not shield .env files from web traffic
Moderate
CVE-2024-47056
was published
for
mautic/core
(Composer)
May 28, 2025
Chrome PHP is missing encoding in `CssSelector`
Moderate
CVE-2025-48883
was published
for
chrome-php/chrome
(Composer)
May 28, 2025
Laravel Rest Api has a Search Validation Bypass
Moderate
CVE-2025-48490
was published
for
lomkit/laravel-rest-api
(Composer)
May 27, 2025
TYPO3 Allows Unrestricted File Upload in File Abstraction Layer
Moderate
CVE-2025-47939
was published
for
typo3/cms-core
(Composer)
May 20, 2025
Symfony UX allows unsanitized HTML attribute injection via ComponentAttributes
Moderate
CVE-2025-47946
was published
for
symfony/ux-live-component
(Composer)
May 19, 2025
tarteaucitron-wp WordPress Plugin Vulnerable to Stored Cross-Site Scripting
Moderate
CVE-2024-11718
was published
for
couleurcitron/tarteaucitron-wp
(Composer)
May 15, 2025
Sulu vulnerable to XXE in SVG File upload Inspector
Moderate
CVE-2025-47778
was published
for
sulu/sulu
(Composer)
May 15, 2025
ProTip!
Advisories are also available from the
GraphQL API