Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,489
Maven
5,000+
npm
4,105
NuGet
735
pip
3,927
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,772 advisories

Loading
Presta Shop vulnerable to email enumeration Moderate
CVE-2025-51586 was published for prestashop/prestashop (Composer) Sep 4, 2025
Mautic Vulnerable to User Enumeration via Response Timing Moderate
CVE-2025-9824 was published for mautic/core (Composer) Sep 3, 2025
Vautia kuzmany
Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add Moderate
CVE-2025-9823 was published for mautic/core (Composer) Sep 3, 2025
nmmorette kuzmany
patrykgruszka
Mautic vulnerable to secret data extraction via elfinder Moderate
CVE-2025-9822 was published for mautic/core (Composer) Sep 3, 2025
B0D0B0P0T lenonleite
kuzmany
Symfony UX allows unsanitized HTML attribute injection via ComponentAttributes Moderate
CVE-2025-47946 was published for symfony/ux-live-component (Composer) May 19, 2025
DRaichev mhlozek
smnandre
Contao does not properly manage privileges for page and article fields Moderate
CVE-2025-57759 was published for contao/contao (Composer) Aug 28, 2025
lukasbableck
Contao applies improper access control in the back end voters Moderate
CVE-2025-57758 was published for contao/contao (Composer) Aug 28, 2025
Contao can disclose sensitive information in the news module Moderate
CVE-2025-57757 was published for contao/contao (Composer) Aug 28, 2025
fritzmg
Contao discloses sensitive information in the front end search index Moderate
CVE-2025-57756 was published for contao/contao (Composer) Aug 28, 2025
fritzmg
Easy!Appointments SQL injection vulnerability Moderate
CVE-2025-50383 was published for alextselegidis/easyappointments (Composer) Aug 26, 2025
Craft CMS Potential Remote Code Execution via Twig SSTI Moderate
CVE-2025-57811 was published for craftcms/cms (Composer) Aug 25, 2025
singetu0096
UnoPim has Stored Cross-site Scripting vulnerability in user creation functionality Moderate
CVE-2025-55742 was published for unopim/unopim (Composer) Aug 21, 2025
sn1p3rt3s7
UnoPim vulnerable to CSRF on Product edit feature and creation of other types Moderate
CVE-2025-55744 was published for unopim/unopim (Composer) Aug 21, 2025
sn1p3rt3s7
MoonShine Arbitrary File Upload Vulnerability Moderate
CVE-2025-51489 was published for moonshine/moonshine (Composer) Aug 19, 2025
moonshine Stored Cross-Site Scripting Vulnerability in Create Admin Moderate
CVE-2025-51488 was published for moonshine/moonshine (Composer) Aug 19, 2025
moonshine Stored Cross-Site Scripting Vulnerability in Create Article Moderate
CVE-2025-51487 was published for moonshine/moonshine (Composer) Aug 19, 2025
MoonShine SQL Injection Vulnerability Moderate
CVE-2025-51510 was published for moonshine/moonshine (Composer) Aug 19, 2025
WP Crontrol Authenticated (Administrator+) plugin vulnerable to Blind Server-Side Request Forgery Moderate
CVE-2025-8678 was published for johnbillion/wp-crontrol (Composer) Aug 19, 2025
jFriedli
LibreNMS allows stored XSS in Alert Template name field Moderate
CVE-2025-55296 was published for librenms/librenms (Composer) Aug 18, 2025
at4111
thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames Moderate
CVE-2024-55889 was published for thorsten/phpmyfaq (Composer) Dec 13, 2024
geo-chen
phpMyFAQ Vulnerable to Stored HTML Injection at FAQ Moderate
CVE-2024-56199 was published for phpmyfaq/phpmyfaq (Composer) Jan 2, 2025
geo-chen
svg-sanitizer Bypasses Attribute Sanitization Moderate
CVE-2025-55166 was published for enshrined/svg-sanitize (Composer) Aug 12, 2025
ohader realazizk
Bagist Cross-site Scripting vulnerability Moderate
CVE-2024-27499 was published for bagisto/bagisto (Composer) Mar 1, 2024
MantisBT may disclose project names to unauthorized users Moderate
CVE-2023-44394 was published for mantisbt/mantisbt (Composer) Oct 17, 2023
Craft CMS has a theoretical bypass for CVE-2025-23209 Moderate
CVE-2025-54417 was published for craftcms/cms (Composer) Aug 8, 2025
angrybrad timkelty
segfault-it
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database