GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
24 advisories

PrestaShop Checkout allows customer account takeover via email
  Critical. CVE-2025-61922 was published for prestashop/ps_checkout (Composer) Oct 16, 2025
laravel-auth0 SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
  Critical. GHSA-9fwj-9mjf-rhj3 was published for auth0/login (Composer) May 17, 2025
Auth0 Wordpress plugin Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
  Critical. GHSA-2f4r-34m4-3w8q was published for auth0/wordpress (Composer) May 17, 2025
Auth0 Symfony SDK Vulnerable to Brute Force Authentication Tags of CookieStore Sessions
  Critical. GHSA-9wg9-93h9-j8ch was published for auth0/symfony (Composer) May 17, 2025
Brute Force Authentication Tags of CookieStore Sessions in Auth0-PHP SDK
  Critical. CVE-2025-47275 was published for auth0/auth0-php (Composer) May 16, 2025
YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download
  Critical. CVE-2025-46348 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
Magento Open Source Improper Authentication vulnerability
  Critical. CVE-2024-34103 was published for magento/community-edition (Composer) Jun 13, 2024
Remote Code Execution by uploading a phar file using frontmatter
  Critical. CVE-2024-27923 was published for getgrav/grav (Composer) Mar 6, 2024
Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section
  Critical. CVE-2023-28473 was published for concrete5/concrete5 (Composer) Apr 28, 2023
phpMyFAQ Improper Authentication vulnerability
  Critical. CVE-2023-0311 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
  Critical. CVE-2022-47408 was published for fixpunkt/fp-newsletter (Composer) Dec 14, 2022
Magento Broken authentication and session management
  Critical. CVE-2019-8149 was published for magento/community-edition (Composer) May 24, 2022
Moodle Oauth 2 Insufficiently Protects Against Compromise
  Critical. CVE-2019-14880 was published for moodle/moodle (Composer) May 24, 2022
Dolibarr Improper Restriction of Excessive Authentication Attempts
  Critical. CVE-2020-7995 was published for dolibarr/dolibarr (Composer) May 24, 2022
TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash
  Critical. CVE-2014-3945 was published for typo3/cms (Composer) May 17, 2022
GeniXCMS Arbitrary User Password Reset Vulnerability
  Critical. CVE-2017-8827 was published for genix/cms (Composer) May 17, 2022
Symfony Authentication Bypass
  Critical. CVE-2018-11407 was published for symfony/security (Composer) May 14, 2022
Symfony Authentication Bypass
  Critical. CVE-2016-2403 was published for symfony/security (Composer) May 14, 2022
ThinkAdmin Administrator cookies still working after password change
  Critical. CVE-2019-11018 was published for zoujingli/thinkadmin (Composer) May 13, 2022
Contao Does Not Expire Tokens Correctly
  Critical. CVE-2019-10643 was published for contao/contao (Composer) May 13, 2022
Typo3 Authentication Bypass
  Critical. CVE-2011-4628 was published for typo3/cms (Composer) Apr 22, 2022
Authentication Bypass in ADOdb/ADOdb
  Critical. CVE-2021-3850 was published for adodb/adodb-php (Composer) Jan 27, 2022
Showdoc File Upload Vulnerability
  Critical. CVE-2021-41745 was published for showdoc/showdoc (Composer) Oct 25, 2021
Authentication bypass in MAGMI
  Critical. CVE-2020-5777 was published for dweeves/magmi (Composer) May 6, 2021

ProTip! Advisories are also available from the GraphQL API