Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,819
Erlang
36
GitHub Actions
32
Go
2,410
Maven
5,000+
npm
4,046
NuGet
723
pip
3,842
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+

512 advisories

Loading
CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability Critical
CVE-2025-54418 was published for codeigniter4/framework (Composer) Jul 28, 2025
vicevirus
nova-tiptap has Unauthenticated Arbitrary File Upload Vulnerability Critical
CVE-2025-54082 was published for manogi/nova-tiptap (Composer) Jul 21, 2025
vintagesucks
simogeo/filemanager arbitrary file upload vulnerability Critical
CVE-2025-46001 was published for simogeo/filemanager (Composer) Jul 18, 2025
Livewire is vulnerable to remote command execution during component property update hydration Critical
CVE-2025-54068 was published for livewire/livewire (Composer) Jul 17, 2025
LaRecipe is vulnerable to Server-Side Template Injection attacks Critical
CVE-2025-53833 was published for binarytorch/larecipe (Composer) Jul 14, 2025
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution Critical
CVE-2025-49132 was published for pterodactyl/panel (Composer) Jun 19, 2025
azimoff337
Magneto contains stored XSS vulnerability Critical
CVE-2025-47110 was published for magento/community-edition (Composer) Jun 10, 2025
laravel-auth0 SDK Deserialization of Untrusted Data vulnerability Critical
GHSA-c42h-56wx-h85q was published for auth0/login (Composer) Jun 6, 2025
Auth0 Symfony SDK Deserialization of Untrusted Data vulnerability Critical
GHSA-98j6-67v3-mw34 was published for auth0/symfony (Composer) Jun 6, 2025
Auth0 Wordpress Plugin vulnerable to Deserialization of Untrusted Data Critical
GHSA-862m-5253-832r was published for auth0/wordpress (Composer) Jun 5, 2025
Auth0-PHP SDK Deserialization of Untrusted Data vulnerability Critical
CVE-2025-48951 was published for auth0/auth0-php (Composer) Jun 4, 2025
Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization Critical
CVE-2025-49113 was published for roundcube/roundcubemail (Composer) Jun 2, 2025
Malayke
The Front End User Registration extension for TYPO3 (sr_feuser_register) Remote Code Execution Critical
CVE-2025-48200 was published for sjbr/sr-feuser-register (Composer) May 21, 2025
laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions Critical
GHSA-9fwj-9mjf-rhj3 was published for auth0/login (Composer) May 17, 2025
Sideni
Auth0 Wordpress plugin Vulnerable to Brute Force Authentication Tags of CookieStore Sessions Critical
GHSA-2f4r-34m4-3w8q was published for auth0/wordpress (Composer) May 17, 2025
Sideni
Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions Critical
GHSA-9wg9-93h9-j8ch was published for auth0/symfony (Composer) May 17, 2025
Sideni
Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK Critical
CVE-2025-47275 was published for auth0/auth0-php (Composer) May 16, 2025
Sideni kevinroh-okta
SQL injection in ADOdb PostgreSQL driver pg_insert_id() method Critical
CVE-2025-46337 was published for adodb/adodb-php (Composer) May 1, 2025
mrcnpp dregad
ShowDoc unrestricted file upload vulnerability Critical
CVE-2025-0520 was published for showdoc/showdoc (Composer) Apr 29, 2025
YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download Critical
CVE-2025-46348 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
pizza-power
Craft CMS Allows Remote Code Execution Critical
CVE-2025-32432 was published for craftcms/cms (Composer) Apr 25, 2025
DevDojo Voyager Argument Injection vulnerability Critical
CVE-2025-32931 was published for tcg/voyager (Composer) Apr 14, 2025
yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key Critical
CVE-2024-58136 was published for yiisoft/yii2 (Composer) Apr 10, 2025
Volt Allows RCE Via User-Crafted Requests Critical
CVE-2025-27517 was published for livewire/volt (Composer) Mar 5, 2025
angelej
Mautic allows Remote Code Execution and File Deletion in Asset Uploads Critical
CVE-2024-47051 was published for mautic/core (Composer) Feb 26, 2025
mallo-m patrykgruszka
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database