Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,866
Erlang
36
GitHub Actions
36
Go
2,491
Maven
5,000+
npm
4,110
NuGet
735
pip
3,933
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,290 advisories

Loading
Uvdesk remote code execution vulnerability High
CVE-2023-0265 was published for uvdesk/community-skeleton (Composer) Apr 5, 2023
Composer has multiple command injections via malicious git/hg branch names High
CVE-2024-35242 was published for composer/composer (Composer) Jun 10, 2024
haqpl
Composer Remote Code Execution vulnerability via web-accessible composer.phar High
CVE-2023-43655 was published for composer/composer (Composer) Sep 29, 2023
thomas-chauchefoin-sonarsource
Account Takeover in Octobercms High
CVE-2021-32648 was published for october/system (Composer) Aug 30, 2021
Duplicate Advisory: Mautic has insufficient authentication in upgrade flow High
GHSA-5hc5-fxr9-5frc was published for mautic/core (Composer) Sep 19, 2024 withdrawn
Leantime allows Cross Site Scripting (XSS) and SQL Injection (SQLi) High
GHSA-v4q9-437p-mhpg was published for leantime/leantime (Composer) Feb 21, 2025
0xROI
Leantime allows Stored Cross-Site Scripting (XSS) High
GHSA-c39w-3pjx-qc7m was published for leantime/leantime (Composer) Feb 21, 2025
mnqazi
Moodle has an arbitrary file read risk through pdfTeX High
CVE-2025-26525 was published for moodle/moodle (Composer) Feb 24, 2025
Moodle has a stored XSS risk in admin live log High
CVE-2025-26529 was published for moodle/moodle (Composer) Feb 24, 2025
Moodle allows reflected XSS via question bank filter High
CVE-2025-26530 was published for moodle/moodle (Composer) Feb 24, 2025
Mautic allows Improper Authorization in Reporting API High
CVE-2024-47053 was published for mautic/core (Composer) Feb 26, 2025
escopecz patrykgruszka
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24414 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24410 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24416 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24415 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24413 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability High
CVE-2025-24411 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24412 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Stored Cross-Site Scripting (XSS) Vulnerability High
CVE-2025-24417 was published for magento/community-edition (Composer) Feb 11, 2025
Magento stored Cross-Site Scripting (XSS) vulnerability High
CVE-2025-24438 was published for magento/community-edition (Composer) Feb 11, 2025
Mautic vulnerable to Improper Access Control in UI upgrade process High
CVE-2022-25768 was published for mautic/core (Composer) Sep 18, 2024
mollux escopecz
patrykgruszka
Magento Open Source allows Stored Cross-Site Scripting (Stored XSS) High
CVE-2022-35698 was published for magento/community-edition (Composer) Oct 15, 2022
Magento Open Source allows XML Injection High
CVE-2023-22247 was published for magento/community-edition (Composer) Mar 27, 2023
Magento Open Source allows Improper Neutralization of Special Elements Used High
CVE-2023-29297 was published for magento/community-edition (Composer) Jun 15, 2023
Magento Open Source allows Improper Neutralization of Special Elements Used High
CVE-2023-38208 was published for magento/community-edition (Composer) Aug 9, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database