Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,719
Maven
5,000+
npm
4,329
NuGet
762
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

308 advisories

Loading
Dolibarr Cross-site Scripting vulnerability Low
CVE-2024-55227 was published for dolibarr/dolibarr (Composer) Jan 27, 2025
Dolibarr Cross-site Scripting vulnerability Low
CVE-2024-55228 was published for dolibarr/dolibarr (Composer) Jan 27, 2025
DevDojo Voyager vulnerable to reflected Cross-site Scripting Low
CVE-2024-55416 was published for tcg/voyager (Composer) Jan 30, 2025
Magento incorrect user permissions vulnerability within the Inventory component Low
CVE-2020-24403 was published for magento/community-edition (Composer) May 24, 2022
Leantime has Missing Authorization Check for Host Parameter Low
GHSA-3hfj-qcvj-4hx8 was published for leantime/leantime (Composer) Feb 21, 2025
harshilsecurify
Credited to harshilsecurify
Leantime allows Cross-Site Scripting (XSS) Low
GHSA-f679-254h-qhvj was published for leantime/leantime (Composer) Feb 21, 2025
justWalsdi
Credited to justWalsdi
Moodle has a stored XSS in ddimageortext question type Low
CVE-2025-26528 was published for moodle/moodle (Composer) Feb 24, 2025
Moodle has an IDOR in badges allows disabling of arbitrary badges Low
CVE-2025-26531 was published for moodle/moodle (Composer) Feb 24, 2025
Moodle allows teachers to evade trusttext config when restoring glossary entries Low
CVE-2025-26532 was published for moodle/moodle (Composer) Feb 24, 2025
Magento Improper Access Control vulnerability Low
CVE-2025-24429 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability Low
CVE-2025-24430 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability Low
CVE-2025-24432 was published for magento/community-edition (Composer) Feb 11, 2025
Magento LTS vulnerable to stored XSS in theme config fields Low
CVE-2025-27400 was published for openmage/magento-lts (Composer) Mar 3, 2025
justlife4x4
Credited to justlife4x4
Magento Open Source affected by Improper Input Validation Low
CVE-2023-29293 was published for magento/community-edition (Composer) Jun 15, 2023
Magento Open Source allows Incorrect Authorization Low
CVE-2023-29295 was published for magento/community-edition (Composer) Jun 15, 2023
Magento Open Source has Business Logic Errors Vulnerability Low
CVE-2023-29294 was published for magento/community-edition (Composer) Jun 15, 2023
Magento Open Source allows Cross-Site Scripting (XSS) Low
CVE-2023-22249 was published for magento/community-edition (Composer) Jul 6, 2023
Magento Open Source allows XML Injection Low
CVE-2023-38207 was published for magento/community-edition (Composer) Aug 9, 2023
Magento Open Source allows Incorrect Authorization Low
CVE-2023-29296 was published for magento/community-edition (Composer) Jun 15, 2023
Magento Open Source allows Cross-Site Scripting (XSS) Low
CVE-2023-38219 was published for magento/community-edition (Composer) Oct 13, 2023
MODX allows cross-site scripting (XSS) via an SVG file Low
CVE-2025-28010 was published for modx/revolution (Composer) Mar 13, 2025
Pimcore's Admin Classic Bundle allows HTML Injection Low
CVE-2025-30166 was published for pimcore/admin-ui-classic-bundle (Composer) Apr 8, 2025
typo3/cms-felogin Cross-site Scripting vulnerability Low
CVE-2008-5656 was published for typo3/cms-felogin (Composer) May 17, 2022
TYPO3 Direct Mail Extension Vulnerable to Cross-Site Scripting (XSS) Low
CVE-2009-4159 was published for directmailteam/direct-mail (Composer) May 2, 2022
SilverStripe vulnerable to Cross-site Scripting Low
CVE-2010-1593 was published for silverstripe/cms (Composer) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database