Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,081
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

5,037 advisories

Loading
Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add Moderate
CVE-2025-9823 was published for mautic/core (Composer) Sep 3, 2025
nmmorette kuzmany
patrykgruszka
Credited to nmmorette, kuzmany, and patrykgruszka
Mautic vulnerable to secret data extraction via elfinder Moderate
CVE-2025-9822 was published for mautic/core (Composer) Sep 3, 2025
B0D0B0P0T lenonleite
kuzmany
Credited to B0D0B0P0T, lenonleite, and kuzmany
Mautic vulnerable to SSRF via webhook function Low
CVE-2025-9821 was published for mautic/core (Composer) Sep 3, 2025
asesidaa patrykgruszka
kuzmany lukehebe
Credited to asesidaa, patrykgruszka, kuzmany, and lukehebe
PocketMine-MP `ResourcePackDataInfoPacket` amplification vulnerability due to lack of resource pack sequence status checking High
GHSA-fqqv-56h5-f57g was published for pocketmine/pocketmine-mp (Composer) Sep 2, 2025
Zwuiix-cmd dktapps
Credited to Zwuiix-cmd and dktapps
Contao does not properly manage privileges for page and article fields Moderate
CVE-2025-57759 was published for contao/contao (Composer) Aug 28, 2025
lukasbableck
Credited to lukasbableck
Contao can disclose sensitive information in the news module Moderate
CVE-2025-57757 was published for contao/contao (Composer) Aug 28, 2025
fritzmg
Credited to fritzmg
Contao discloses sensitive information in the front end search index Moderate
CVE-2025-57756 was published for contao/contao (Composer) Aug 28, 2025
fritzmg
Credited to fritzmg
Contao applies improper access control in the back end voters Moderate
CVE-2025-57758 was published for contao/contao (Composer) Aug 28, 2025
The Freeform CraftCMS plugin contains an Server-side template injection (SSTI) vulnerability Critical
CVE-2025-52122 was published for solspace/craft-freeform (Composer) Aug 27, 2025
Badaso CMS file upload vulnerability High
CVE-2025-52353 was published for badaso/core (Composer) Aug 26, 2025
Easy!Appointments SQL injection vulnerability Moderate
CVE-2025-50383 was published for alextselegidis/easyappointments (Composer) Aug 26, 2025
Craft CMS Potential Remote Code Execution via Twig SSTI Moderate
CVE-2025-57811 was published for craftcms/cms (Composer) Aug 25, 2025
singetu0096
Credited to singetu0096
Adminer PHP Object Injection issue leads to Denial of Service High
CVE-2025-43960 was published for vrana/adminer (Composer) Aug 25, 2025
PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser High
CVE-2025-54370 was published for phpoffice/phpspreadsheet (Composer) Aug 25, 2025
UnoPim has CSV Injection on Quick Export feature Low
CVE-2025-55745 was published for unopim/unopim (Composer) Aug 22, 2025
sn1p3rt3s7
Credited to sn1p3rt3s7
UnoPim has Broken Access Control High
CVE-2025-55741 was published for unopim/unopim (Composer) Aug 22, 2025
0xcharb
Credited to 0xcharb
UnoPim vulnerable to CSRF on Product edit feature and creation of other types Moderate
CVE-2025-55744 was published for unopim/unopim (Composer) Aug 21, 2025
sn1p3rt3s7
Credited to sn1p3rt3s7
UnoPim vulnerable to remote code execution through Arbitrary File upload High
CVE-2025-55743 was published for unopim/unopim (Composer) Aug 21, 2025
sn1p3rt3s7
Credited to sn1p3rt3s7
UnoPim has Stored Cross-site Scripting vulnerability in user creation functionality Moderate
CVE-2025-55742 was published for unopim/unopim (Composer) Aug 21, 2025
sn1p3rt3s7
Credited to sn1p3rt3s7
WP Crontrol Authenticated (Administrator+) plugin vulnerable to Blind Server-Side Request Forgery Moderate
CVE-2025-8678 was published for johnbillion/wp-crontrol (Composer) Aug 19, 2025
jFriedli
Credited to jFriedli
MoonShine SQL Injection Vulnerability Moderate
CVE-2025-51510 was published for moonshine/moonshine (Composer) Aug 19, 2025
moonshine Stored Cross-Site Scripting Vulnerability in Create Article Moderate
CVE-2025-51487 was published for moonshine/moonshine (Composer) Aug 19, 2025
moonshine Stored Cross-Site Scripting Vulnerability in Create Admin Moderate
CVE-2025-51488 was published for moonshine/moonshine (Composer) Aug 19, 2025
MoonShine Arbitrary File Upload Vulnerability Moderate
CVE-2025-51489 was published for moonshine/moonshine (Composer) Aug 19, 2025
LibreNMS allows stored XSS in Alert Template name field Moderate
CVE-2025-55296 was published for librenms/librenms (Composer) Aug 18, 2025
aschoiloa1890
Credited to aschoiloa1890
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database