Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,272 advisories

Loading
Citizen vulnerable to Stored XSS through short descriptions High
CVE-2025-53370 was published for starcitizentools/citizen-skin (Composer) Jul 3, 2025
SomeMWDev
starcitizentools/citizen-skin is vulnerable to Stored XSS attack in the legacy search bar through page descriptions High
CVE-2025-53368 was published for starcitizentools/citizen-skin (Composer) Jul 3, 2025
SomeMWDev
Citizen Short Description stored XSS vulnerability through wikitext High
CVE-2025-53369 was published for starcitizentools/short-description (Composer) Jul 3, 2025
SomeMWDev
Withdrawn Advisory: Daylight Studio FUEL-CMS SQLi Vulnerability High
CVE-2020-24950 was published for codeigniter/framework (Composer) Aug 11, 2023 withdrawn
raspap-webgui has a Directory Traversal vulnerability High
CVE-2025-44163 was published for billz/raspap-webgui (Composer) Jun 27, 2025
TabberNeue vulnerable to Stored XSS through wikitext High
CVE-2025-53093 was published for starcitizentools/tabber-neue (Composer) Jun 27, 2025
SomeMWDev
NULL Pointer Dereference in Protocol Buffers High
CVE-2021-22570 was published for Google.Protobuf (Composer) Jan 27, 2022
joshbressers
protobuf susceptible to buffer overflow High
CVE-2015-5237 was published for Google.Protobuf (Composer) May 13, 2022
Drupal Admin Audit Trail Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2025-48448 was published for drupal/admin_audit_trail (Composer) Jun 11, 2025
Drupal Commerce Alphabank Redirect Incorrect Authorization vulnerability High
CVE-2025-48446 was published for drupal/commerce_alphabank_redirect (Composer) Jun 11, 2025
Drupal Commerce Eurobank (Redirect) Incorrect Authorization vulnerability High
CVE-2025-48445 was published for drupal/commerce_eurobank_redirect (Composer) Jun 11, 2025
Hax CMS Stored Cross-Site Scripting vulnerability High
CVE-2025-49137 was published for elmsln/haxcms (Composer) Jun 9, 2025
lfgberg asareynolds
MantisBT Insufficient Session Expiration cookie string not reset after logout High
CVE-2009-20001 was published for mantisbt/mantisbt (Composer) Apr 21, 2022
Drupal core contains a potential PHP Object Injection vulnerability High
CVE-2024-55638 was published for drupal/core (Composer) Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability High
CVE-2024-55637 was published for drupal/core (Composer) Dec 10, 2024
TYPO3 Scheduler Module vulnerable to Cross-Site Request Forgery High
CVE-2024-55924 was published for typo3/cms-scheduler (Composer) Jan 14, 2025
shm0sby rosegabe
PHPOffice Math allows XXE when processing an XML file in the MathML format High
CVE-2025-48882 was published for phpoffice/math (Composer) May 29, 2025
Moodle SSRF Vulnerability High
CVE-2019-6970 was published for moodle/moodle (Composer) May 14, 2022
MantisBT CSV Injection unprivileged user access in csv_export.php High
CVE-2021-43257 was published for mantisbt/mantisbt (Composer) Apr 15, 2022
MantisBT Incorrect Authorization for bug_revision_view_page.php check High
CVE-2020-35849 was published for mantisbt/mantisbt (Composer) May 24, 2022
Unsafe deserialization in SmtpTransport in CakePHP High
CVE-2019-11458 was published for cakephp/cakephp (Composer) Dec 2, 2019
ravage84 decsecre583
MantisBT Remote Code Execution High
CVE-2019-15715 was published for mantisbt/mantisbt (Composer) May 24, 2022
phpMyAdmin Denial Of Service (DOS) attack High
CVE-2016-5706 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
decsecre583
The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference High
CVE-2025-48205 was published for sjbr/sr-feuser-register (Composer) May 21, 2025
The Backup Plus extension for TYPO3 (ns_backup) has a Predictable Resource Location High
CVE-2025-48201 was published for nitsan/ns-backup (Composer) May 21, 2025
ProTip! Advisories are also available from the GraphQL API