Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,968
Erlang
39
GitHub Actions
38
Go
2,618
Maven
5,000+
npm
4,255
NuGet
760
pip
4,042
Pub
12
RubyGems
953
Rust
1,050
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,307 advisories

Loading
TCPDF has incorrect comparison High
CVE-2024-56522 was published for tecnickcom/tcpdf (Composer) Dec 27, 2024
MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling High
CVE-2025-47776 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
dregad piru
Credited to dregad and piru
Statamic Vulnerable to Superadmin Account Takeover via Stored Cross-Site Scripting and Lack of Proper X-CSRF-TOKEN Server-Side Validation High
CVE-2025-64112 was published for statamic/cms (Composer) Oct 30, 2025
wojtekchwala
Credited to wojtekchwala
Drupal Acquia DAM allows Forceful Browsing High
CVE-2025-9954 was published for drupal/acquia_dam (Composer) Oct 30, 2025
Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass High
CVE-2025-12466 was published for drupal/simple_oauth (Composer) Oct 30, 2025
Drupal CivicTheme Design System allows Forceful Browsing High
CVE-2025-12082 was published for drupal/civictheme (Composer) Oct 30, 2025
Moodle vulnerable to brute-force password guesses High
CVE-2025-62399 was published for moodle/moodle (Composer) Oct 23, 2025
Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality High
CVE-2025-62617 was published for admidio/admidio (Composer) Oct 22, 2025
XY20130630
Credited to XY20130630
Magento Improper Authorization leading to security feature bypass High
CVE-2025-43585 was published for magento/community-edition (Composer) Jun 10, 2025
Magento Cross-Site Request Forgery (CSRF) vulnerability High
CVE-2025-49555 was published for magento/community-edition (Composer) Aug 12, 2025
Craft CMS has a potential RCE with a compromised security key High
CVE-2025-23209 was published for craftcms/cms (Composer) Jan 21, 2025
Account Takeover in Octobercms High
CVE-2021-32648 was published for october/system (Composer) Aug 30, 2021
SSRF in adminer High
CVE-2021-21311 was published for vrana/adminer (Composer) Feb 11, 2021
bpsizemore UNC1739
Credited to bpsizemore and UNC1739
Directory Traversal in Archive_Tar High
CVE-2020-36193 was published for pear/archive_tar (Composer) Apr 22, 2021
Drupal core Unrestricted Upload of File with Dangerous Type High
CVE-2020-13671 was published for drupal/core (Composer) Oct 12, 2021
Multiple vulnerabilities through filename manipulation in Archive_Tar High
CVE-2020-28949 was published for pear/archive_tar (Composer) Apr 22, 2021
Drupal Core Remote Code Execution Vulnerability High
CVE-2019-6340 was published for drupal/core (Composer) May 13, 2022
Magento has incorrect authorization issue that leads to arbitrary file system read High
CVE-2025-49556 was published for magento/community-edition (Composer) Aug 12, 2025
Magento vulnerable to denial of service High
CVE-2025-49554 was published for magento/community-edition (Composer) Aug 12, 2025
Magento vulnerable to stored Cross-Site Scripting (XSS) High
CVE-2025-54264 was published for magento/community-edition (Composer) Oct 14, 2025
Magento provides incorrect authorization through a security feature bypass High
CVE-2025-54263 was published for magento/community-edition (Composer) Oct 14, 2025
Bagisto is vulnerable to XSS through Admin Panel's product creation path High
CVE-2025-60880 was published for bagisto/bagisto (Composer) Oct 10, 2025
Mautic allows Improper Authorization in Reporting API High
CVE-2024-47053 was published for mautic/core (Composer) Feb 26, 2025
escopecz patrykgruszka
Credited to escopecz and patrykgruszka
phpMyFAQ duplicate email registration allows multiple accounts with the same email High
CVE-2025-59943 was published for thorsten/phpmyfaq (Composer) Oct 3, 2025
halas98
Credited to halas98
Dolibarr vulnerable to RCE via the computed field parameter High
CVE-2025-56588 was published for dolibarr/dolibarr (Composer) Oct 1, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database