GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

186 advisories

FeehiCMS Has a Remote Code Execution via Unrestricted File Upload in Ad Management Moderate
CVE-2025-65657 was published for feehi/cms (Composer) Dec 2, 2025
Magento affected by a server-side denial-of-service using a GraphQL field High
CVE-2021-36044 was published for magento/community-edition (Composer) May 24, 2022
Magento executes code via the API File Option Upload Extension Critical
CVE-2021-36042 was published for magento/community-edition (Composer) May 24, 2022
Magento vulnerable to file upload attack High
CVE-2021-36041 was published for magento/community-edition (Composer) May 24, 2022
Magento has a file extension restrictions bypass Critical
CVE-2021-36040 was published for magento/community-edition (Composer) May 24, 2022
Magento discloses sensitive information via the Multishipping Module Moderate
CVE-2021-36038 was published for magento/community-edition (Composer) May 24, 2022
Magento affected by remote code execution via a file upload High
CVE-2021-36034 was published for magento/community-edition (Composer) May 24, 2022
Magento is affected by an improper input validation vulnerability while saving a customer's details Critical
CVE-2021-36025 was published for magento/community-edition (Composer) May 24, 2022
Magento is affected by an improper input validation vulnerability High
CVE-2021-36032 was published for magento/community-edition (Composer) May 24, 2022
Magento allows attackers to alter the price of items High
CVE-2021-36030 was published for magento/community-edition (Composer) May 24, 2022
Magento affected by remote code execution vulnerability in the CMS page scheduled update feature Critical
CVE-2021-36021 was published for magento/community-edition (Composer) Sep 6, 2023
Symfony has an incorrect response from Validator when input ends with `\n` Low
CVE-2024-50343 was published for symfony/symfony (Composer) Nov 6, 2024
Credited to offscriptian and alexandre-daubois
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors() Critical
CVE-2020-13756 was published for sabberworm/php-css-parser (Composer) Mar 26, 2022
Magento Community Edition Improper Input Validation vulnerability Critical
CVE-2025-54236 was published for magento/community-edition (Composer) Sep 9, 2025
Magento improper input validation vulnerability Critical
CVE-2022-24086 was published for magento/community-edition (Composer) Feb 17, 2022
Drupal Core Remote Code Execution Vulnerability Critical
CVE-2018-7600 was published for drupal/core (Composer) May 14, 2022
Magento vulnerable to denial of service High
CVE-2025-49554 was published for magento/community-edition (Composer) Aug 12, 2025
TinyEnv: Inline comments not stripped properly in .env values Moderate
CVE-2025-58759 was published for datahihi1/tiny-env (Composer) Sep 9, 2025
Concrete CMS is vulnerable to Stored XSS from Home Folder on Members Dashboard page Low
CVE-2025-8573 was published for concrete5/concrete5 (Composer) Aug 6, 2025
Concrete CMS vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page Moderate
CVE-2025-8571 was published for concrete5/concrete5 (Composer) Aug 6, 2025
Laravel Rest Api has a Search Validation Bypass Moderate
CVE-2025-48490 was published for lomkit/laravel-rest-api (Composer) May 27, 2025
Credited to edepauw
Easy!Appointments Denial of Service (DoS) Moderate
CVE-2025-29448 was published for alextselegidis/easyappointments (Composer) May 7, 2025
Browsershot does not validate URL protocols passed to Browsershot URL method High
CVE-2022-41706 was published for spatie/browsershot (Composer) Nov 25, 2022
Credited to tdunlap607
Browsershot version 3.57.3 vulnerable to improper input validation Moderate
CVE-2022-43984 was published for spatie/browsershot (Composer) Nov 25, 2022
Credited to tdunlap607
Typo3 Host Header Spoofing Vulnerability Moderate
CVE-2014-3941 was published for typo3/cms (Composer) May 14, 2022