GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,272 advisories
Citizen vulnerable to Stored XSS through short descriptions
High: CVE-2025-53370 was published for starcitizentools/citizen-skin (Composer), Jul 3, 2025

starcitizentools/citizen-skin is vulnerable to Stored XSS attack in the legacy search bar through page descriptions
High: CVE-2025-53368 was published for starcitizentools/citizen-skin (Composer), Jul 3, 2025

Citizen Short Description stored XSS vulnerability through wikitext
High: CVE-2025-53369 was published for starcitizentools/short-description (Composer), Jul 3, 2025

Withdrawn Advisory: Daylight Studio FUEL-CMS SQLi Vulnerability
High: CVE-2020-24950 was published for codeigniter/framework (Composer), Aug 11, 2023 • withdrawn

raspap-webgui has a Directory Traversal vulnerability
High: CVE-2025-44163 was published for billz/raspap-webgui (Composer), Jun 27, 2025

TabberNeue vulnerable to Stored XSS through wikitext
High: CVE-2025-53093 was published for starcitizentools/tabber-neue (Composer), Jun 27, 2025

NULL Pointer Dereference in Protocol Buffers
High: CVE-2021-22570 was published for Google.Protobuf (Composer), Jan 27, 2022

protobuf susceptible to buffer overflow
High: CVE-2015-5237 was published for Google.Protobuf (Composer), May 13, 2022

Drupal Admin Audit Trail Allocation of Resources Without Limits or Throttling vulnerability
High: CVE-2025-48448 was published for drupal/admin_audit_trail (Composer), Jun 11, 2025

Drupal Commerce Alphabank Redirect Incorrect Authorization vulnerability
High: CVE-2025-48446 was published for drupal/commerce_alphabank_redirect (Composer), Jun 11, 2025

Drupal Commerce Eurobank (Redirect) Incorrect Authorization vulnerability
High: CVE-2025-48445 was published for drupal/commerce_eurobank_redirect (Composer), Jun 11, 2025

Hax CMS Stored Cross-Site Scripting vulnerability
High: CVE-2025-49137 was published for elmsln/haxcms (Composer), Jun 9, 2025

MantisBT Insufficient Session Expiration cookie string not reset after logout
High: CVE-2009-20001 was published for mantisbt/mantisbt (Composer), Apr 21, 2022

Drupal core contains a potential PHP Object Injection vulnerability
High: CVE-2024-55638 was published for drupal/core (Composer), Dec 10, 2024

Drupal core contains a potential PHP Object Injection vulnerability
High: CVE-2024-55637 was published for drupal/core (Composer), Dec 10, 2024

TYPO3 Scheduler Module vulnerable to Cross-Site Request Forgery
High: CVE-2024-55924 was published for typo3/cms-scheduler (Composer), Jan 14, 2025

PHPOffice Math allows XXE when processing an XML file in the MathML format
High: CVE-2025-48882 was published for phpoffice/math (Composer), May 29, 2025

Moodle SSRF Vulnerability
High: CVE-2019-6970 was published for moodle/moodle (Composer), May 14, 2022

MantisBT CSV Injection unprivileged user access in csv_export.php
High: CVE-2021-43257 was published for mantisbt/mantisbt (Composer), Apr 15, 2022

MantisBT Incorrect Authorization for bug_revision_view_page.php check
High: CVE-2020-35849 was published for mantisbt/mantisbt (Composer), May 24, 2022

Unsafe deserialization in SmtpTransport in CakePHP
High: CVE-2019-11458 was published for cakephp/cakephp (Composer), Dec 2, 2019

MantisBT Remote Code Execution
High: CVE-2019-15715 was published for mantisbt/mantisbt (Composer), May 24, 2022

phpMyAdmin Denial Of Service (DOS) attack
High: CVE-2016-5706 was published for phpmyadmin/phpmyadmin (Composer), May 14, 2022

The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference
High: CVE-2025-48205 was published for sjbr/sr-feuser-register (Composer), May 21, 2025

The Backup Plus extension for TYPO3 (ns_backup) has a Predictable Resource Location
High: CVE-2025-48201 was published for nitsan/ns-backup (Composer), May 21, 2025
ProTip! Advisories are also available from the GraphQL API