GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

326 advisories

Craft CMS Vulnerable to Stored XSS in Entry Types Name Low
CVE-2026-25491 was published for craftcms/cms (Composer) Feb 9, 2026
Credited to mHe4am
Microweber has a Cross-site Scripting vulnerability Low
CVE-2025-70791 was published for microweber/microweber (Composer) Feb 5, 2026
Microweber Cross-site Scripting vulnerability Low
CVE-2025-70792 was published for microweber/microweber (Composer) Feb 5, 2026
Winter CMS has Stored Cross-site Scripting (XSS) in Asset Manager Low
CVE-2026-22254 was published for winter/wn-cms-module (Composer) Feb 4, 2026
Credited to iamunixtz
Moodle Open Redirect vulnerability Low
CVE-2025-67852 was published for moodle/moodle (Composer) Feb 3, 2026
Freeform Craft Plugin CP UI (builder/integrations) has Stored Cross-Site Scripting (XSS) issue Low
CVE-2026-26188 was published for solspace/craft-freeform (Composer) Jan 22, 2026
Credited to Prav33N-Sec and kjmartens
MineAdmin May Expose Sensitive Information to an Unauthorized Actor Low
CVE-2026-1196 was published for mineadmin/mineadmin (Composer) Jan 20, 2026
MineAdmin improperly refreshes tokens Low
CVE-2026-1195 was published for mineadmin/mineadmin (Composer) Jan 20, 2026
MineAdmin has Incorrect Privilege Assignment Low
CVE-2026-1193 was published for mineadmin/mineadmin (Composer) Jan 20, 2026
solspace/craft-freeform Exposed to Known Axios Vulnerabilities via Precompiled Assets Low
GHSA-rwr8-xrpw-9qf5 was published for solspace/craft-freeform (Composer) Jan 15, 2026
solspace/craft-freeform Vulnerable to XSS in `PhpSpreadsheet` HTML Writer Due to Unsanitized Styling Data Low
GHSA-44jg-mv3h-wj6g was published for solspace/craft-freeform (Composer) Jan 15, 2026
Credited to riekusdn
solspace/craft-freeform Has a DoS Vulnerability Low
GHSA-58q2-9x27-h2jm was published for solspace/craft-freeform (Composer) Jan 15, 2026
Credited to LeonBatch
Composer is vulnerable to ANSI sequence injection Low
CVE-2025-67746 was published for composer/composer (Composer) Dec 30, 2025
Credited to cs278
Pterodactyl has a Reflected XSS vulnerability in “Create New Database Host” Low
GHSA-mgr9-6c2j-jxrq was published for pterodactyl/panel (Composer) Dec 30, 2025
Credited to 4rdr
AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE Low
CVE-2025-67737 was published for azuracast/azuracast (Composer) Dec 11, 2025
Credited to Cillian-Collins
alexusmai laravel-file-manager is vulnerable to Directory Traversal Low
CVE-2025-65345 was published for alexusmai/laravel-file-manager (Composer) Dec 3, 2025
yungifez Skuul School Management System vulnerable to XSS via SVG Low
CVE-2025-13784 was published for yungifez/skuul (Composer) Nov 30, 2025
Skuul School Management System has a Sensitive Data Exposure Vulnerability in Uploaded Images Low
CVE-2025-13785 was published for yungifez/skuul (Composer) Nov 30, 2025
Contao is vulnerable to cross-site scripting in templates Low
CVE-2025-65961 was published for contao/core-bundle (Composer) Nov 25, 2025
Credited to ausi and m-vo
phppgadmin vulnerable to Cross-site Scripting Low
CVE-2025-60796 was published for phppgadmin/phppgadmin (Composer) Nov 20, 2025
Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels Low
CVE-2025-13083 was published for drupal/core (Composer) Nov 18, 2025
Drupal core allows Forceful Browsing Low
CVE-2025-13080 was published for drupal/core (Composer) Nov 18, 2025
Drupal core allows Content Spoofing Low
CVE-2025-13082 was published for drupal/core (Composer) Nov 18, 2025
Drupal Simple multi step form allows Cross-Site Scripting Low
CVE-2025-12761 was published for drupal/simple_multistep (Composer) Nov 18, 2025
LibreNMS has Weak Password Policy Low
CVE-2025-65014 was published for librenms/librenms (Composer) Nov 18, 2025
Credited to marcelomulder