Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,662
Maven
5,000+
npm
4,291
NuGet
760
pip
4,070
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

306 advisories

Loading
phppgadmin vulnerable to Cross-site Scripting Low
CVE-2025-60796 was published for phppgadmin/phppgadmin (Composer) Nov 20, 2025
Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels Low
CVE-2025-13083 was published for drupal/core (Composer) Nov 18, 2025
Drupal core allows Forceful Browsing Low
CVE-2025-13080 was published for drupal/core (Composer) Nov 18, 2025
Drupal core allows Content Spoofing Low
CVE-2025-13082 was published for drupal/core (Composer) Nov 18, 2025
Drupal Simple multi step form allows Cross-Site Scripting Low
CVE-2025-12761 was published for drupal/simple_multistep (Composer) Nov 18, 2025
LibreNMS has Weak Password Policy Low
CVE-2025-65014 was published for librenms/librenms (Composer) Nov 18, 2025
marcelomulder
Credited to marcelomulder
PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users Low
CVE-2025-64711 was published for privatebin/privatebin (Composer) Nov 14, 2025
esnard rugk
Ribas160
Credited to esnard, rugk, and Ribas160
Drupal Umami Analytics allows Cross-Site Scripting (XSS) Low
CVE-2025-10931 was published for drupal/umami_analytics (Composer) Oct 30, 2025
Shopware vulnerable to Server-Side Request Forgery (SSRF) – order invoice Low
GHSA-3cpp-fv95-mpr5 was published for shopware/core (Composer) Oct 21, 2025
larskemper
Credited to larskemper
Shopware vulnerable to path traversal via Plugin upload Low
GHSA-6wh5-mw9h-5c3w was published for shopware/core (Composer) Oct 21, 2025
TastyIgniter vulnerable to Cross-Site Scripting Low
CVE-2025-61417 was published for tastyigniter/tastyigniter (Composer) Oct 20, 2025
LibreNMS alert-rules has a Cross-Site Scripting Vulnerability Low
CVE-2025-62412 was published for librenms/librenms (Composer) Oct 16, 2025
zdi-disclosures
Credited to zdi-disclosures
PrestaShop Checkout Target PayPal merchant account hijacking from backoffice Low
CVE-2025-61924 was published for prestashop/ps_checkout (Composer) Oct 16, 2025
iNem0o
Credited to iNem0o
drupal-pattern-lab/unified-twig-extensions is vulnerable to XXS Low
CVE-2025-11570 was published for drupal-pattern-lab/unified-twig-extensions (Composer) Oct 10, 2025
NovoSGA: Manipulation of User Creation Page can lead to weak password requirements Low
CVE-2025-11322 was published for novosga/novosga (Composer) Oct 6, 2025
Auth0 Symfony SDK Does Not Properly Handle File Types in Bulk User Import Low
GHSA-7jp2-5h22-m432 was published for auth0/symfony (Composer) Oct 1, 2025
Auth0 Wordpress plugin Does Not Properly Handle File Types in Bulk User Import Low
GHSA-w22c-pw5m-482x was published for auth0/wordpress (Composer) Oct 1, 2025
laravel-auth0 SDK Does Not Properly Handle File Types in Bulk User Import Low
GHSA-hjfh-5jmm-xr24 was published for auth0/login (Composer) Oct 1, 2025
auth0-PHP SDK Does Not Properly Handle File Types in Bulk User Import Low
CVE-2025-58769 was published for auth0/auth0-php (Composer) Oct 1, 2025
Mangati NovoSGA XSS vulnerability in /admin Low
CVE-2025-10909 was published for novosga/novosga (Composer) Sep 24, 2025
GP247 and S-Cart have a stored cross-site scripting (XSS) vulnerability Low
CVE-2025-57407 was published for gp247/core (Composer) Sep 23, 2025
TYPO3 "Form to Database" extension susceptible to Cross-site Scripting Low
CVE-2025-10316 was published for lavitto/typo3-form-to-database (Composer) Sep 16, 2025
Mautic vulnerable to SSRF via webhook function Low
CVE-2025-9821 was published for mautic/core (Composer) Sep 3, 2025
asesidaa patrykgruszka
kuzmany lukehebe
Credited to asesidaa, patrykgruszka, kuzmany, and lukehebe
UnoPim has CSV Injection on Quick Export feature Low
CVE-2025-55745 was published for unopim/unopim (Composer) Aug 22, 2025
sn1p3rt3s7
Credited to sn1p3rt3s7
Concrete CMS is vulnerable to Stored XSS from Home Folder on Members Dashboard page Low
CVE-2025-8573 was published for concrete5/concrete5 (Composer) Aug 6, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database