
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

542 advisories

Statamic is vulnerable to account takeover via password reset link injection Critical
CVE-2026-27593 was published for statamic/cms (Composer) Feb 24, 2026
Credited to Neosprings
Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization Critical
CVE-2026-26016 was published for pterodactyl/panel (Composer) Feb 17, 2026
Credited to duddnr0615k and DaneEveritt
Known affected by Account Takeover via Password Reset Token Leakage Critical
CVE-2026-26273 was published for idno/known (Composer) Feb 13, 2026
Credited to IamLeandrooooo
OpenSTAManager has an OS Command Injection in P7M File Processing Critical
CVE-2025-69212 was published for devcode-it/openstamanager (Composer) Feb 6, 2026
Credited to lukasz-rybak
CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor Critical
CVE-2026-25510 was published for ci4-cms-erp/ci4ms (Composer) Feb 2, 2026
Credited to Far-Horizons
Laravel Redis Horizontal Scaling Insecure Deserialization Critical
CVE-2026-23524 was published for laravel/reverb (Composer) Jan 21, 2026
Credited to m0h4mmad
Pagekit CMS has an Insecure Direct Object Reference (IDOR) in its User Role component Critical
CVE-2025-67165 was published for pagekit/pagekit (Composer) Dec 17, 2025
Pagekit CMS is vulnerable to OS Command Injection via Storage component Critical
CVE-2025-67164 was published for pagekit/pagekit (Composer) Dec 17, 2025
Grav may be vulnerable to SSRF attack via Twig Templates Critical
CVE-2025-66844 was published for getgrav/grav (Composer) Dec 15, 2025
MineAdmin has an insecure default password Critical
CVE-2025-65854 was published for mineadmin/mineadmin (Composer) Dec 12, 2025
Ibexa User Bundle is missing password change validation Critical
CVE-2025-67719 was published for ibexa/user (Composer) Dec 10, 2025
SAML PHP Toolkit Vulnerability on xmlseclibs CVE-2025-66475 Critical
GHSA-5j8p-438x-rgg5 was published for onelogin/php-saml (Composer) Dec 9, 2025
Credited to d0ge
Neuron MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”) Critical
CVE-2025-67510 was published for neuron-core/neuron-ai (Composer) Dec 9, 2025
Credited to siewer
Mautic user without privileged access to the Marketplace can install and uninstall composer packages Critical
CVE-2025-13828 was published for mautic/core (Composer) Dec 2, 2025
Credited to driskell, escopecz, and patrykgruszka
bagisto has CSV Formula Injection in Create New Product Critical
CVE-2025-62417 was published for bagisto/bagisto (Composer) Oct 16, 2025
Credited to kiwi865
PrestaShop Checkout allows customer account takeover via email Critical
CVE-2025-61922 was published for prestashop/ps_checkout (Composer) Oct 16, 2025
Credited to iNem0o
Melis Platform CMS Unauthenticated Admin Account Creation Critical
CVE-2025-10352 was published for melisplatform/melis-core (Composer) Oct 8, 2025
Credited to ivansmc00
Melis Platform CMS Unauthenticated File Upload Leading to RCE Critical
CVE-2025-10353 was published for melisplatform/melis-cms-slider (Composer) Oct 8, 2025
Credited to ivansmc00
Melis Platform CMS SQL Injection Critical
CVE-2025-10351 was published for melisplatform/melis-cms (Composer) Oct 8, 2025
Credited to ivansmc00
Magento Community Edition Improper Input Validation vulnerability Critical
CVE-2025-54236 was published for magento/community-edition (Composer) Sep 9, 2025
The Freeform CraftCMS plugin contains a Server-side template injection (SSTI) vulnerability Critical
CVE-2025-52122 was published for solspace/craft-freeform (Composer) Aug 27, 2025
ThinkPHP Path Traversal Vulnerability Critical
CVE-2025-50706 was published for topthink/framework (Composer) Aug 5, 2025
The ADOdb sqlite3 driver allows SQL injection Critical
CVE-2025-54119 was published for adodb/adodb-php (Composer) Aug 4, 2025
Credited to mrcnpp and dregad
CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability Critical
CVE-2025-54418 was published for codeigniter4/framework (Composer) Jul 28, 2025
Credited to vicevirus
nova-tiptap has Unauthenticated Arbitrary File Upload Vulnerability Critical
CVE-2025-54082 was published for manogi/nova-tiptap (Composer) Jul 21, 2025
Credited to vintagesucks