GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
2,869 advisories
REDAXO CMS is vulnerable to Reflected XSS in Mediapool Info Banner via args[types]
Moderate
CVE-2025-66026
was published
for
redaxo/source
(Composer)
Nov 25, 2025
Contao is vulnerable to remote code execution in template closures
Moderate
CVE-2025-65960
was published
for
contao/core-bundle
(Composer)
Nov 25, 2025
Formwork CMS has Stored Cross-Site Scripting Vulnerebility in Blog Tags
Moderate
CVE-2025-65956
was published
for
getformwork/formwork
(Composer)
Nov 24, 2025
MunkiReport Managed Installs module Reflected Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2020-15883
was published
for
munkireport/managedinstalls
(Composer)
May 24, 2022
MunkiReport Cross-Site Scripting (XSS) Filter Bypass On Comment
Moderate
CVE-2020-15885
was published
for
munkireport/comment
(Composer)
May 24, 2022
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14041
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint
Moderate
CVE-2025-65093
was published
for
librenms/librenms
(Composer)
Nov 18, 2025
LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`
Moderate
CVE-2025-65013
was published
for
librenms/librenms
(Composer)
Nov 18, 2025
MantisBT unauthorized disclosure of private project column configuration
Moderate
CVE-2025-62520
was published
for
mantisbt/mantisbt
(Composer)
Nov 3, 2025
Shopware 6's password recovery link does not expire after email change
Moderate
GHSA-2w46-vq8h-98vh
was published
for
shopware/core
(Composer)
Nov 14, 2025
PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal
Moderate
CVE-2025-64714
was published
for
privatebin/privatebin
(Composer)
Nov 14, 2025
pimcore/admin-ui-classic-bundle Unverified Password Change
Moderate
CVE-2023-5844
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Oct 31, 2023
ProTip!
Advisories are also available from the
GraphQL API