Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
41
GitHub Actions
41
Go
3,051
Maven
5,000+
npm
4,791
NuGet
825
pip
4,389
Pub
12
RubyGems
988
Rust
1,145
Swift
50
Unreviewed advisories
All unreviewed
5,000+

331 advisories

Loading
Craft CMS has Stored XSS in Table Field in its "Row Heading" Column Type Low
GHSA-6j87-m5qx-9fqp was published for craftcms/cms (Composer) Feb 25, 2026
mHe4am Credited to mHe4am
funadmin: XSS through Value argument in Backend Interface component Low
CVE-2026-2897 was published for funadmin/funadmin (Composer) Feb 22, 2026
funadmin: Deserialization Vulnerability in Backend Endpoint via AuthCloudService getMember Function Low
CVE-2026-2898 was published for funadmin/funadmin (Composer) Feb 22, 2026
funadmin has Weak Password Recovery Mechanism for Forgotten Password Low
CVE-2026-2895 was published for funadmin/funadmin (Composer) Feb 22, 2026
Craft CMS Vulnerable to Stored XSS in Entry Types Name Low
CVE-2026-25491 was published for craftcms/cms (Composer) Feb 9, 2026
mHe4am Credited to mHe4am
Microweber Cross-site Scripting vulnerability Low
CVE-2025-70792 was published for microweber/microweber (Composer) Feb 5, 2026
Microweber has a Cross-site Scripting vulnerability Low
CVE-2025-70791 was published for microweber/microweber (Composer) Feb 5, 2026
Winter CMS has Stored Cross-site Scripting (XSS) in Asset Manager Low
CVE-2026-22254 was published for winter/wn-cms-module (Composer) Feb 4, 2026
iamunixtz Credited to iamunixtz
Moodle Open Redirect vulnerability Low
CVE-2025-67852 was published for moodle/moodle (Composer) Feb 3, 2026
Freeform Craft Plugin CP UI (builder/integrations) has Stored Cross-Site Scripting (XSS) issue Low
CVE-2026-26188 was published for solspace/craft-freeform (Composer) Jan 22, 2026
Pr4v33N-Sec Credited to Pr4v33N-Sec and kjmartens kjmartens kjmartens
MineAdmin improperly refreshes tokens Low
CVE-2026-1195 was published for mineadmin/mineadmin (Composer) Jan 20, 2026
MineAdmin May Expose Sensitive Information to an Unauthorized Actor Low
CVE-2026-1196 was published for mineadmin/mineadmin (Composer) Jan 20, 2026
MineAdmin has Incorrect Privilege Assignment Low
CVE-2026-1193 was published for mineadmin/mineadmin (Composer) Jan 20, 2026
solspace/craft-freeform Exposed to Known Axios Vulnerabilities via Precompiled Assets Low
GHSA-rwr8-xrpw-9qf5 was published for solspace/craft-freeform (Composer) Jan 15, 2026
solspace/craft-freeform Vulnerable to XSS in `PhpSpreadsheet` HTML Writer Due to Unsanitized Styling Data Low
GHSA-44jg-mv3h-wj6g was published for solspace/craft-freeform (Composer) Jan 15, 2026
riekusdn Credited to riekusdn
solspace/craft-freeform Has a DoS Vulnerability Low
GHSA-58q2-9x27-h2jm was published for solspace/craft-freeform (Composer) Jan 15, 2026
LeonBatch Credited to LeonBatch
Composer is vulnerable to ANSI sequence injection Low
CVE-2025-67746 was published for composer/composer (Composer) Dec 30, 2025
cs278 Credited to cs278
Pterodactyl has a Reflected XSS vulnerability in “Create New Database Host” Low
GHSA-mgr9-6c2j-jxrq was published for pterodactyl/panel (Composer) Dec 30, 2025
4rdr Credited to 4rdr
AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE Low
CVE-2025-67737 was published for azuracast/azuracast (Composer) Dec 11, 2025
Cillian-Collins Credited to Cillian-Collins
alexusmai laravel-file-manager is vulnerable to Directory Traversal Low
CVE-2025-65345 was published for alexusmai/laravel-file-manager (Composer) Dec 3, 2025
yungifez Skuul School Management System vulnerable to XSS via SVG Low
CVE-2025-13784 was published for yungifez/skuul (Composer) Nov 30, 2025
Skuul School Management System has a Sensitive Data Exposure Vulnerability in Uploaded Images Low
CVE-2025-13785 was published for yungifez/skuul (Composer) Nov 30, 2025
Contao is vulnerable to cross-site scripting in templates Low
CVE-2025-65961 was published for contao/core-bundle (Composer) Nov 25, 2025
ausi Credited to ausi and m-vo m-vo m-vo
phppgadmin vulnerable to Cross-site Scripting Low
CVE-2025-60796 was published for phppgadmin/phppgadmin (Composer) Nov 20, 2025
Drupal core allows Content Spoofing Low
CVE-2025-13082 was published for drupal/core (Composer) Nov 18, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database