Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,646
Maven
5,000+
npm
4,272
NuGet
760
pip
4,065
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,327 advisories

Loading
Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass High
CVE-2025-64500 was published for symfony/http-foundation (Composer) Nov 12, 2025
cs278 nicolas-grekas
Credited to cs278 and nicolas-grekas
TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter High
CVE-2025-64519 was published for torrentpier/torrentpier (Composer) Nov 10, 2025
XY20130630
Credited to XY20130630
Magento affected by a server-side denial-of-service using a GraphQL field High
CVE-2021-36044 was published for magento/community-edition (Composer) May 24, 2022
Magento affected by a blind SSRF vulnerability in the bundled dotmailer extension High
CVE-2021-36043 was published for magento/community-edition (Composer) May 24, 2022
Magento vulnerable to file upload attack High
CVE-2021-36041 was published for magento/community-edition (Composer) May 24, 2022
Magento affected by remote code execution via a file upload High
CVE-2021-36034 was published for magento/community-edition (Composer) May 24, 2022
Magento is affected by an os command injection via the Data collection endpoint High
CVE-2021-36024 was published for magento/community-edition (Composer) May 24, 2022
Magento is affected by an improper input validation vulnerability High
CVE-2021-36032 was published for magento/community-edition (Composer) May 24, 2022
Magento allows attackers to alter the price of items High
CVE-2021-36030 was published for magento/community-edition (Composer) May 24, 2022
Magento Path Traversal vulnerability via the `theme[preview_image]` parameter High
CVE-2021-36031 was published for magento/community-edition (Composer) May 24, 2022
Magento improper authorization vulnerability High
CVE-2021-36029 was published for magento/community-edition (Composer) May 24, 2022
Magento XML Injection vulnerability in the Widgets Update Layout High
CVE-2021-36022 was published for magento/community-edition (Composer) May 24, 2022
Magento XML Injection vulnerability in the 'City' field High
CVE-2021-36020 was published for magento/community-edition (Composer) May 24, 2022
Magento DOM-based Cross-Site Scripting (XSS) vulnerability High
CVE-2024-39400 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Path Traversal vulnerability High
CVE-2024-39399 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Stored Cross-Site Scripting (XSS) vulnerability High
CVE-2024-39403 was published for magento/community-edition (Composer) Aug 14, 2024
Magento does not properly restrict excessive authentication attempts High
CVE-2024-39398 was published for magento/community-edition (Composer) Aug 14, 2024
Magento OS Command ('OS Command Injection') vulnerability High
CVE-2024-39402 was published for magento/community-edition (Composer) Aug 14, 2024
Magento OS Command ('OS Command Injection') vulnerability High
CVE-2024-39401 was published for magento/community-edition (Composer) Aug 14, 2024
MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling High
CVE-2025-47776 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
dregad piru
Credited to dregad and piru
Pimcore Authenticated Stored Cross-Site Scripting (XSS) Via Search Document High
CVE-2024-11954 was published for pimcore/pimcore (Composer) Jan 28, 2025
maeitsec
Credited to maeitsec
Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag High
CVE-2024-35226 was published for smarty/smarty (Composer) May 29, 2024
TrixterTheTux
Credited to TrixterTheTux
smarty Cross-site Scripting vulnerability in Javascript escaping High
CVE-2023-28447 was published for smarty/smarty (Composer) Mar 29, 2023
takaram
Credited to takaram
TCPDF has incorrect comparison High
CVE-2024-56522 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
Statamic Vulnerable to Superadmin Account Takeover via Stored Cross-Site Scripting and Lack of Proper X-CSRF-TOKEN Server-Side Validation High
CVE-2025-64112 was published for statamic/cms (Composer) Oct 30, 2025
wojtekchwala
Credited to wojtekchwala
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database