GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
5,483 advisories
YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter"
High | CVE-2026-34598 was published for yeswiki/yeswiki (Composer) | Apr 1, 2026

CI4MS: Permissions Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Critical | CVE-2026-34557 was published for ci4-cms-erp/ci4ms (Composer) | Apr 1, 2026

CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Critical | CVE-2026-34558 was published for ci4-cms-erp/ci4ms (Composer) | Apr 1, 2026

AVideo has Stored XSS via Unescaped Plugin Configuration Values in Admin Panel
Moderate | CVE-2026-34396 was published for wwbn/avideo (Composer) | Mar 31, 2026

AVideo vulnerable to Mass User PII Disclosure via Missing Authorization in YPTWallet users.json.php
Moderate | CVE-2026-34395 was published for wwbn/avideo (Composer) | Mar 31, 2026

AVideo's CSRF on Admin Plugin Configuration Enables Payment Credential Hijacking
High | CVE-2026-34394 was published for wwbn/avideo (Composer) | Mar 31, 2026

Graby has stored XSS via iframe srcdoc Attribute in htmLawed Sanitization Config
Low | GHSA-3h6j-9x8m-rg3g was published for j0k3r/graby (Composer) | Mar 31, 2026

Admidio has CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter
Moderate | CVE-2026-34383 was published for admidio/admidio (Composer) | Mar 31, 2026

Admidio has Missing CSRF Protection on Registration Approval Actions
Moderate | CVE-2026-34384 was published for admidio/admidio (Composer) | Mar 31, 2026

Admidio has Missing CSRF Protections on Custom List Deletion in mylist_function.php
Moderate | CVE-2026-34382 was published for admidio/admidio (Composer) | Mar 31, 2026

Admidio allows Unauthenticated Access to Role-Restricted documents via neutralized .htaccess
High | CVE-2026-34381 was published for admidio/admidio (Composer) | Mar 31, 2026

baserCMS is Vulnerable to Cross-site Scripting
High | CVE-2026-32734 was published for baserproject/basercms (Composer) | Mar 31, 2026

phpMyFAQ is Vulnerable to Stored XSS via Unsanitized Email Field in Admin FAQ Editor
Moderate | CVE-2026-32629 was published for phpmyfaq/phpmyfaq (Composer) | Mar 31, 2026

baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API
High | CVE-2026-30940 was published for baserproject/basercms (Composer) | Mar 31, 2026

baserCMS has OS command injection vulnerability in installer
Critical | CVE-2026-30880 was published for baserproject/basercms (Composer) | Mar 31, 2026

baserCMS has a cross-site scripting vulnerability in blog posts
Moderate | CVE-2026-30879 was published for baserproject/basercms (Composer) | Mar 31, 2026

baserCMS has Mail Form Acceptance Bypass via Public API
Moderate | CVE-2026-30878 was published for baserproject/basercms (Composer) | Mar 31, 2026

baserCMS Update Functionality Vulnerable to OS Command Injection
Critical | CVE-2026-30877 was published for baserproject/basercms (Composer) | Mar 31, 2026

baserCMS has an SQL injection vulnerability in its blog post functionality
Moderate | CVE-2026-27697 was published for baserproject/basercms (Composer) | Mar 31, 2026

baserCMS has OS Command Injection Leading to Remote Code Execution (RCE)
Critical | CVE-2026-21861 was published for baserproject/basercms (Composer) | Mar 31, 2026

baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)
High | CVE-2025-32957 was published for baserproject/basercms (Composer) | Mar 31, 2026

Sulu checks fix permissions for subentities endpoints
Moderate | CVE-2026-34372 was published for sulu/sulu (Composer) | Mar 30, 2026

Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php
Moderate | CVE-2026-34036 was published for dolibarr/dolibarr (Composer) | Mar 27, 2026

ci4-cms-erp/ci4ms: System Settings (Mail Settings) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Moderate | CVE-2026-27599 was published for ci4-cms-erp/ci4ms (Composer) | Mar 30, 2026

AVideo Vulnerable to Reflected XSS via Unsanitized plugin Parameter in YPTWallet Stripe Payment Page
High | CVE-2026-34375 was published for wwbn/avideo (Composer) | Mar 30, 2026