Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,672
Maven
5,000+
npm
4,297
NuGet
760
pip
4,076
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,866 advisories

Loading
Formwork CMS has Stored Cross-Site Scripting Vulnerebility in Blog Tags Moderate
CVE-2025-65956 was published for getformwork/formwork (Composer) Nov 24, 2025
3m4n5
Credited to 3m4n5
phppgadmin contains a SQL injection vulnerability Moderate
CVE-2025-60798 was published for phppgadmin/phppgadmin (Composer) Nov 20, 2025
phppgadmin contains an incorrect access control vulnerability Moderate
CVE-2025-60799 was published for phppgadmin/phppgadmin (Composer) Nov 20, 2025
phppgadmin contains a SQL injection vulnerability Moderate
CVE-2025-60797 was published for phppgadmin/phppgadmin (Composer) Nov 20, 2025
Snipe-IT has Cross-site Scripting vulnerability in CSV import workflow Moderate
CVE-2025-64027 was published for snipe/snipe-it (Composer) Nov 20, 2025
Backdrop CMS Host Header Injection vulnerability Moderate
CVE-2025-63828 was published for backdrop/backdrop (Composer) Nov 18, 2025
MongoDB driver extension affected by mongoc_bulk_operation_t's read of invalid memory Moderate
CVE-2025-12119 was published for mongodb/mongodb-extension (Composer) Nov 19, 2025
Drupal Email TFA allows Functionality Bypass Moderate
CVE-2025-12760 was published for drupal/email_tfa (Composer) Nov 18, 2025
MunkiReport Managed Installs module Reflected Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2020-15883 was published for munkireport/managedinstalls (Composer) May 24, 2022
MarkLee131 coffeemakr
Credited to MarkLee131 and coffeemakr
MunkiReport Cross-Site Scripting (XSS) Filter Bypass On Comment Moderate
CVE-2020-15885 was published for munkireport/comment (Composer) May 24, 2022
MarkLee131 coffeemakr
Credited to MarkLee131 and coffeemakr
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-14041 was published for bootstrap (RubyGems) Sep 13, 2018
jenhae
Credited to jenhae
LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint Moderate
CVE-2025-65093 was published for librenms/librenms (Composer) Nov 18, 2025
marcelomulder
Credited to marcelomulder
LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name` Moderate
CVE-2025-65013 was published for librenms/librenms (Composer) Nov 18, 2025
marcelomulder
Credited to marcelomulder
Kirby CMS has cross-site scripting (XSS) in the changes dialog Moderate
CVE-2025-65012 was published for getkirby/cms (Composer) Nov 18, 2025
Drupal core allows Object Injection Moderate
CVE-2025-13081 was published for drupal/core (Composer) Nov 18, 2025
MantisBT unauthorized disclosure of private project column configuration Moderate
CVE-2025-62520 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
jrckmcsb atrol
dregad
Credited to jrckmcsb, atrol, and dregad
Shopware 6's password recovery link does not expire after email change Moderate
GHSA-2w46-vq8h-98vh was published for shopware/core (Composer) Nov 14, 2025
FlorianKe
Credited to FlorianKe
PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal Moderate
CVE-2025-64714 was published for privatebin/privatebin (Composer) Nov 14, 2025
esnard elrido
rugk
Credited to esnard, elrido, and rugk
pimcore/admin-ui-classic-bundle Unverified Password Change Moderate
CVE-2023-5844 was published for pimcore/admin-ui-classic-bundle (Composer) Oct 31, 2023
Th3l0newolf tjuyuxinzhang
Credited to Th3l0newolf and tjuyuxinzhang
Magento discloses sensitive information via the Multishipping Module Moderate
CVE-2021-36038 was published for magento/community-edition (Composer) May 24, 2022
Magento is affected by an improper authorization vulnerability Moderate
CVE-2021-36037 was published for magento/community-edition (Composer) May 24, 2022
Magento discloses sensitive information Moderate
CVE-2021-36039 was published for magento/community-edition (Composer) May 24, 2022
OpenMage vulnerable to XSS in Admin Notifications Moderate
CVE-2025-64174 was published for openmage/magento-lts (Composer) Nov 3, 2025
Judx
Credited to Judx
Magento stored cross-site scripting vulnerability in the customer address upload feature Moderate
CVE-2021-36026 was published for magento/community-edition (Composer) May 24, 2022
Magento stored cross-site scripting vulnerability Moderate
CVE-2021-36027 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database