Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20 advisories

Loading
EGroupware Vulnerable to Local File Inclusion via file:// URI in Mail Compose Moderate
CVE-2026-45016 was published for egroupware/egroupware (Composer) Jul 7, 2026
smitocaru Credited to smitocaru
Mautic vulnerable to Path Traversal via Campaign Import Critical
CVE-2026-9559 was published for mautic/core (Composer) Jul 2, 2026
nglong05 Credited to nglong05, f3nrir77, escopecz, patrykgruszka, and LeuchtfeuerDigitalMarketing f3nrir77 f3nrir77
escopecz escopecz patrykgruszka patrykgruszka LeuchtfeuerDigitalMarketing LeuchtfeuerDigitalMarketing
EasyAdminBundle has path traversal and reflected XSS in Flag and Icon Twig components Moderate
GHSA-2wwr-9x6f-88gp was published for easycorp/easyadmin-bundle (Composer) Jul 1, 2026
PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles Low
CVE-2026-49358 was published for pontedilana/php-weasyprint (Composer) Jun 26, 2026
offset Credited to offset
Duplicate Advisory: phpMyFAQ: Path traversal in Client::deleteClientFolder enables arbitrary directory deletion by non-super-admin admins High
GHSA-rmqr-h98c-qg2m was published for phpMyFAQ/phpMyFAQ (Composer) May 15, 2026 withdrawn
Grav Form Plugin has an Anonymous Page Content Overwrite via Form File Upload filename Override High
CVE-2026-42845 was published for getgrav/grav-plugin-form (Composer) May 6, 2026
fr0stydev Credited to fr0stydev
baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API High
CVE-2026-30940 was published for baserproject/basercms (Composer) Mar 31, 2026
kaminuma Credited to kaminuma
gr00ve3 Credited to gr00ve3
PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal Moderate
CVE-2025-64714 was published for privatebin/privatebin (Composer) Nov 14, 2025
esnard Credited to esnard, elrido, and rugk elrido elrido
rugk rugk
HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter Moderate
CVE-2025-49138 was published for elmsln/haxcms (Composer) Jun 9, 2025
Indigo-10 Credited to Indigo-10
Remote code execution in web server context High
CVE-2024-37295 was published for aimeos/aimeos-core (Composer) Jun 5, 2024
ssshah2131 Credited to ssshah2131
timber/timber vulnerable to Deserialization of Untrusted Data High
CVE-2024-29800 was published for timber/timber (Composer) Apr 12, 2024
Sonicrrrr Credited to Sonicrrrr and dennisenderink dennisenderink dennisenderink
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE Critical
GHSA-97m3-52wr-xvv2 was published for phenx/php-svg-lib (Composer) Feb 22, 2024
Blaklis Credited to Blaklis, ErwanGuillon, and bsweeney ErwanGuillon ErwanGuillon
bsweeney bsweeney
php-svg-lib lacks path validation on font through SVG inline styles Moderate
CVE-2024-25117 was published for phenx/php-svg-lib (Composer) Feb 21, 2024
Moodle External Control of File Name or Path vulnerability Moderate
CVE-2023-30943 was published for moodle/moodle (Composer) May 2, 2023
TeamPass External Control of File Name or Path vulnerability High
CVE-2023-1070 was published for nilsteampassnet/teampass (Composer) Feb 27, 2023
Dompdf before v2.0.0 vulnerable to chroot check bypass Moderate
CVE-2022-2400 was published for dompdf/dompdf (Composer) Jul 19, 2022
Upload whitelisted files to any directory in OctoberCMS Low
CVE-2020-5297 was published for october/cms (Composer) Jun 3, 2020
staz0t Credited to staz0t
Arbitrary File Deletion vulnerability in OctoberCMS Moderate
CVE-2020-5296 was published for october/cms (Composer) Jun 3, 2020
staz0t Credited to staz0t
ProTip! Advisories are also available from the GraphQL API