Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,819
Erlang
36
GitHub Actions
32
Go
2,410
Maven
5,000+
npm
4,046
NuGet
723
pip
3,842
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,820 advisories

Loading
Moodle self enrollment available before completing second factor with MFA enabled Moderate
CVE-2025-3634 was published for moodle/moodle (Composer) Apr 25, 2025
Moodle makes some user data available before completing second factor with MFA enabled Moderate
CVE-2025-3627 was published for moodle/moodle (Composer) Apr 25, 2025
Craft CMS Allows Remote Code Execution Critical
CVE-2025-32432 was published for craftcms/cms (Composer) Apr 25, 2025
Laravel Starter Cross Site Scripting (XSS) Moderate
CVE-2025-26159 was published for nasirkhan/laravel-starter (Composer) Apr 22, 2025
croogo Host header injection Moderate
CVE-2024-29643 was published for croogo/croogo (Composer) Apr 21, 2025
PEAR HTTP_Request2 vulnerable to Cross-site Scripting Moderate
CVE-2025-43717 was published for pear/http_request2 (Composer) Apr 17, 2025
DevDojo Voyager Argument Injection vulnerability Critical
CVE-2025-32931 was published for tcg/voyager (Composer) Apr 14, 2025
Formie has XSS vulnerability for email notification content for preview Moderate
CVE-2025-32426 was published for verbb/formie (Composer) Apr 11, 2025
Formie has XSS vulnerability for importing forms Moderate
CVE-2025-32427 was published for verbb/formie (Composer) Apr 11, 2025
Yii does not prevent XSS in scenarios where fallback error renderer is used Moderate
CVE-2025-32027 was published for yiisoft/yii (Composer) Apr 11, 2025
lgrewe
Silverstripe Framework user enumeration via timing attack on login and password reset forms Moderate
GHSA-256q-hx8w-xcqx was published for silverstripe/framework (Composer) Apr 10, 2025
Silverstripe Framework has a XSS vulnerability in HTML editor Moderate
CVE-2025-30148 was published for silverstripe/framework (Composer) Apr 10, 2025
Silverstripe cross-site scripting (XSS) attack in elemental "Content blocks in use" report Moderate
CVE-2025-25197 was published for dnadesign/silverstripe-elemental (Composer) Apr 10, 2025
ibexa/fieldtype-richtext allows access to external entities in XML High
GHSA-cj3w-g42v-wcj6 was published for ibexa/fieldtype-richtext (Composer) Apr 10, 2025
ezsystems/ezplatform-richtext allows access to external entities in XML High
GHSA-2jqj-5qv2-xvcg was published for ezsystems/ezplatform-richtext (Composer) Apr 10, 2025
yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key Critical
CVE-2024-58136 was published for yiisoft/yii2 (Composer) Apr 10, 2025
Shopware default newsletter opt-in settings allow for mass sign-up abuse Low
CVE-2025-32378 was published for shopware/core (Composer) Apr 9, 2025
wallabag/wallabag Has Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities Moderate
GHSA-5pm7-cp8f-p2c2 was published for wallabag/wallabag (Composer) Apr 9, 2025
yguedidi
Magento Improper Authorization vulnerability Moderate
CVE-2025-27188 was published for magento/community-edition (Composer) Apr 8, 2025
Joomla CMS Multi-Factor Authentication Bypass High
CVE-2025-25227 was published for joomla/joomla-cms (Composer) Apr 8, 2025
Joomla Framework Database Package Vulnerable to SQL Injection Moderate
CVE-2025-25226 was published for joomla/database (Composer) Apr 8, 2025
Shopware Broken ACL on Document retrieval to access other customers documents Moderate
GHSA-68wv-g3fw-pq7q was published for shopware/core (Composer) Apr 8, 2025
Shopware Vulnerable to Blind SQL-injection in DAL aggregations High
CVE-2025-27892 was published for shopware/core (Composer) Apr 8, 2025
Pimcore's Admin Classic Bundle allows HTML Injection Low
CVE-2025-30166 was published for pimcore/admin-ui-classic-bundle (Composer) Apr 8, 2025
Shopware allows Denial Of Service via password length High
CVE-2025-30151 was published for shopware/core (Composer) Apr 8, 2025
bsmietana
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database