Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
47
GitHub Actions
48
Go
3,378
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,573
Pub
13
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

5,484 advisories

Loading
YesWiki has Multiple Reflected Cross-site Scripting Vulnerabilities Moderate
GHSA-5724-x3rh-5qqq was published for yeswiki/yeswiki (Composer) Apr 1, 2026
pizza-power Credited to pizza-power
YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter" High
CVE-2026-34598 was published for yeswiki/yeswiki (Composer) Apr 1, 2026
kh0kamoni Credited to kh0kamoni
CI4MS: Permissions Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS Critical
CVE-2026-34557 was published for ci4-cms-erp/ci4ms (Composer) Apr 1, 2026
bugmithlegend Credited to bugmithlegend and peeefour peeefour peeefour
CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS Critical
CVE-2026-34558 was published for ci4-cms-erp/ci4ms (Composer) Apr 1, 2026
bugmithlegend Credited to bugmithlegend and peeefour peeefour peeefour
AVideo has Stored XSS via Unescaped Plugin Configuration Values in Admin Panel Moderate
CVE-2026-34396 was published for wwbn/avideo (Composer) Mar 31, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo vulnerable to Mass User PII Disclosure via Missing Authorization in YPTWallet users.json.php Moderate
CVE-2026-34395 was published for wwbn/avideo (Composer) Mar 31, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
AVideo's CSRF on Admin Plugin Configuration Enables Payment Credential Hijacking High
CVE-2026-34394 was published for wwbn/avideo (Composer) Mar 31, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
Graby has stored XSS via iframe srcdoc Attribute in htmLawed Sanitization Config Low
GHSA-3h6j-9x8m-rg3g was published for j0k3r/graby (Composer) Mar 31, 2026
tikket1 Credited to tikket1
Admidio has CSRF and Form Validation Bypass in Inventory Item Save via `imported` Parameter Moderate
CVE-2026-34383 was published for admidio/admidio (Composer) Mar 31, 2026
offset Credited to offset
Admidio has Missing CSRF Protection on Registration Approval Actions Moderate
CVE-2026-34384 was published for admidio/admidio (Composer) Mar 31, 2026
offset Credited to offset
Admidio has Missing CSRF Protections on Custom List Deletion in mylist_function.php Moderate
CVE-2026-34382 was published for admidio/admidio (Composer) Mar 31, 2026
JFOZ1010 Credited to JFOZ1010
Admidio allows Unauthenticated Access to Role-Restricted documents via neutralized .htaccess High
CVE-2026-34381 was published for admidio/admidio (Composer) Mar 31, 2026
JFOZ1010 Credited to JFOZ1010
baserCMS is Vulnerable to Cross-site Scripting High
CVE-2026-32734 was published for baserproject/basercms (Composer) Mar 31, 2026
phpMyFAQ is Vulnerable to Stored XSS via Unsanitized Email Field in Admin FAQ Editor Moderate
CVE-2026-32629 was published for phpmyfaq/phpmyfaq (Composer) Mar 31, 2026
baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API High
CVE-2026-30940 was published for baserproject/basercms (Composer) Mar 31, 2026
kaminuma Credited to kaminuma
baserCMS has OS command injection vulnerability in installer Critical
CVE-2026-30880 was published for baserproject/basercms (Composer) Mar 31, 2026
baserCMS has a cross-site scripting vulnerability in blog posts Moderate
CVE-2026-30879 was published for baserproject/basercms (Composer) Mar 31, 2026
baserCMS has Mail Form Acceptance Bypass via Public API Moderate
CVE-2026-30878 was published for baserproject/basercms (Composer) Mar 31, 2026
melonattacker Credited to melonattacker
baserCMS Update Functionality Vulnerable to OS Command Injection Critical
CVE-2026-30877 was published for baserproject/basercms (Composer) Mar 31, 2026
EricUeda Credited to EricUeda
baserCMS has an SQL injection vulnerability in its blog post functionality Moderate
CVE-2026-27697 was published for baserproject/basercms (Composer) Mar 31, 2026
baserCMS has OS Command Injection Leading to Remote Code Execution (RCE) Critical
CVE-2026-21861 was published for baserproject/basercms (Composer) Mar 31, 2026
kaminuma Credited to kaminuma
baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE) High
CVE-2025-32957 was published for baserproject/basercms (Composer) Mar 31, 2026
MinhhhCuonggg Credited to MinhhhCuonggg and Vatvo69 Vatvo69 Vatvo69
Sulu checks fix permissions for subentities endpoints Moderate
CVE-2026-34372 was published for sulu/sulu (Composer) Mar 30, 2026
sh4dowalker Credited to sh4dowalker
Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php Moderate
CVE-2026-34036 was published for dolibarr/dolibarr (Composer) Mar 27, 2026
cnf409 Credited to cnf409
ci4-cms-erp/ci4ms: System Settings (Mail Settings) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS Moderate
CVE-2026-27599 was published for ci4-cms-erp/ci4ms (Composer) Mar 30, 2026
bugmithlegend Credited to bugmithlegend, peeefour, and LAW6ZX7 peeefour peeefour
LAW6ZX7 LAW6ZX7
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database