
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,649 advisories

ConcreteCMS Cross-Site Scripting (XSS) via HTML Block Text Field Moderate
CVE-2025-2967 was published for concrete5/concrete5 (Composer) Mar 31, 2025
ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Image Upload Moderate
CVE-2025-28092 was published for shopxo/shopxo (Composer) Mar 29, 2025
ShopXO Vulnerable to Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) Moderate
CVE-2025-28094 was published for shopxo/shopxo (Composer) Mar 29, 2025
ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Email Settings Moderate
CVE-2025-28093 was published for shopxo/shopxo (Composer) Mar 29, 2025
Duplicate Advisory: Leantime affected by Improper Neutralization of HTML Tags Moderate
GHSA-jf6p-4hgv-v6qh was published for leantime/leantime (Composer) Mar 28, 2025 withdrawn
wp-svg-upload WordPress plugin vulnerable to Stored Cross-site Scripting Moderate
CVE-2024-11847 was published for digimix/wp-svg-upload (Composer) Mar 26, 2025
Rudloff
Pixelfed may allow unauthorized actor to view private posts and private users Moderate
CVE-2025-30741 was published for pixelfed/pixelfed (Composer) Mar 25, 2025
API Platform Core does not call GraphQl securityAfterResolver Moderate
CVE-2025-23204 was published for api-platform/core (Composer) Mar 24, 2025
soyuka vinceAmstoutz
ausi
yiisoft Yii2 Deserialization of Untrusted Data Moderate
CVE-2025-2689 was published for yiisoft/yii2-dev (Composer) Mar 24, 2025
Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout Moderate
CVE-2025-30152 was published for sylius/paypal-plugin (Composer) Mar 19, 2025
Clickstorm SEO Allows Cross-Site Scripting (XSS) Moderate
CVE-2025-30081 was published for clickstorm/cs-seo (Composer) Mar 19, 2025
Additional TCA Allows Cross-Site Scripting (XSS) Moderate
CVE-2025-30083 was published for codingms/additional-tca (Composer) Mar 19, 2025
Contao Vulnerable to Cross-Site Scripting (XSS) through SVG uploads Moderate
CVE-2025-29790 was published for contao/core-bundle (Composer) Mar 18, 2025
TastyIgniter Has an Incorrect Access Control Vulnerability Moderate
CVE-2024-44314 was published for tastyigniter/tastyigniter (Composer) Mar 18, 2025
Sylius PayPal Plugin Payment Amount Manipulation Vulnerability Moderate
CVE-2025-29788 was published for sylius/paypal-plugin (Composer) Mar 17, 2025
migo315
Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite Moderate
CVE-2025-27794 was published for flarum/core (Composer) Mar 12, 2025
novacuum imorland
laravel-crud-wizard-free has File Validation Bypass Moderate
GHSA-3wgq-h4fr-cwg5 was published for macropay-solutions/laravel-crud-wizard-free (Composer) Mar 12, 2025
Pimcore Vulnerable to SQL Injection in getRelationFilterCondition Moderate
CVE-2025-27617 was published for pimcore/pimcore (Composer) Mar 11, 2025
cancan101
Froxlor has an HTML Injection Vulnerability Moderate
GHSA-26xq-m8xw-6373 was published for froxlor/froxlor (Composer) Mar 11, 2025
BenefactorYuvi
Concrete CMS affected by a stored XSS in Folder Function. The "Add Folder" functionality Moderate
CVE-2025-0660 was published for concrete5/concrete5 (Composer) Mar 10, 2025
PocketMine-MP allows malicious client data to waste server resources due to lack of limits for explode() Moderate
GHSA-g274-c6jj-h78p was published for pocketmine/pocketmine-mp (Composer) Mar 10, 2025
Laravel framework susceptible to reflected cross-site scripting Moderate
CVE-2024-13919 was published for laravel/framework (Composer) Mar 10, 2025
Laravel framework susceptible to reflected cross-site scripting Moderate
CVE-2024-13918 was published for laravel/framework (Composer) Mar 10, 2025
DmitriyLewen xaldama
kalidor
Laravel has a File Validation Bypass Moderate
CVE-2025-27515 was published for laravel/framework (Composer) Mar 5, 2025
Jusb3 TrixterTheTux
tcytra